Hi Slava,
On 10/23/2017 04:05 PM, Slava Monich wrote:
Otherwise write_watcher_destroy_notify can be invoked after
GAtMux has been deallocated which results in write after free:
==3952== Invalid write of size 4
==3952== at 0xABF54: write_watcher_destroy_notify (gatmux.c:285)
==3952== by 0x4AF21E7: g_source_callback_unref (gmain.c:1561)
==3952== by 0x4AF2E53: g_source_destroy_internal.constprop.8 (gmain.c:1207)
==3952== by 0x4AF61CF: g_main_dispatch (gmain.c:3177)
==3952== by 0x4AF61CF: g_main_context_dispatch (gmain.c:3769)
==3952== by 0x4AF658F: g_main_loop_run (gmain.c:4034)
==3952== by 0xBDDBB: main (main.c:261)
==3952== Address 0x50c6cb0 is 8 bytes inside a block of size 4,396 free'd
==3952== at 0x4840B28: free (vg_replace_malloc.c:530)
==3952== by 0xACB53: g_at_mux_unref (gatmux.c:642)
==3952== Block was alloc'd at
==3952== at 0x4841BF0: calloc (vg_replace_malloc.c:711)
==3952== by 0xAC9DF: g_at_mux_new (gatmux.c:603)
==3952== by 0xADF2F: g_at_mux_new_gsm0710_basic (gatmux.c:1160)
---
gatchat/gatmux.c | 3 +++
1 file changed, 3 insertions(+)
Applied, thanks.
Regards,
-Denis
_______________________________________________
ofono mailing list
ofono@ofono.org
https://lists.ofono.org/mailman/listinfo/ofono
