This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Alexander Chemeris gerrit-no-reply at lists.osmocom.orgHello Jenkins Builder, I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/1245 to look at the new patch set (#2). l1sap: Fix use-after-free in loopback mode. By default l1sap_tch_ind() returns 0 which signals to its caller that message has been processed and can be freed. In case of loopback we're forwarding the message to dl_tch_queue who will free it later. Returning 1 from l1sap_tch_ind() prevents caller from freeing message. Change-Id: I1e065075baa51c88fa717f132e1f0a83df68be02 --- M src/common/l1sap.c 1 file changed, 3 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/45/1245/2 diff --git a/src/common/l1sap.c b/src/common/l1sap.c index f4bc5ce..553011f 100644 --- a/src/common/l1sap.c +++ b/src/common/l1sap.c @@ -925,6 +925,9 @@ } msgb_enqueue(&lchan->dl_tch_queue, msg); + + /* Return 1 to signal that we're still using msg and it should not be freed */ + return 1; } lchan->rtp_tx_marker = false; -- To view, visit https://gerrit.osmocom.org/1245 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newpatchset Gerrit-Change-Id: I1e065075baa51c88fa717f132e1f0a83df68be02 Gerrit-PatchSet: 2 Gerrit-Project: osmo-bts Gerrit-Branch: master Gerrit-Owner: Alexander Chemeris <Alexander.Chemeris at gmail.com> Gerrit-Reviewer: Jenkins Builder