jolly has uploaded this change for review. (
https://gerrit.osmocom.org/c/libosmocore/+/36121?usp=email )
Change subject: osmo_io: Assign const name when stealing TX msg from iofd ctx
......................................................................
osmo_io: Assign const name when stealing TX msg from iofd ctx
All TX messages are moved from iofd instance to the user's context.
iofd may be destroyed, but the message is still available to the user.
To prevent a use-after-free, the context name must be changed from
iofd->name to a constant that does not belong to iofd.
Change-Id: Ib8dae924fa2d94a7f636136ba7279b965a18cf5b
---
M src/core/osmo_io.c
1 file changed, 16 insertions(+), 0 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/21/36121/1
diff --git a/src/core/osmo_io.c b/src/core/osmo_io.c
index 7ea959b..89690ae 100644
--- a/src/core/osmo_io.c
+++ b/src/core/osmo_io.c
@@ -334,7 +334,9 @@
* \param[in] hdr serialized msghdr containing state of completed I/O */
void iofd_handle_recv(struct osmo_io_fd *iofd, struct msgb *msg, int rc,
struct iofd_msghdr *hdr)
{
+ /* Steal the msg from iofd. Also assign const name, because iofd->name
will be freed when iofd is destroyed. */
talloc_steal(iofd->msgb_alloc.ctx, msg);
+ talloc_set_name(msg, "osmo_io_rx_msgb");
switch (iofd->mode) {
case OSMO_IO_FD_MODE_READ_WRITE:
iofd_handle_segmented_read(iofd, msg, rc);
--
To view, visit https://gerrit.osmocom.org/c/libosmocore/+/36121?usp=email
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: Ib8dae924fa2d94a7f636136ba7279b965a18cf5b
Gerrit-Change-Number: 36121
Gerrit-PatchSet: 1
Gerrit-Owner: jolly <andr...@eversberg.eu>
Gerrit-MessageType: newchange
