This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Pau Espin Pedrol gerrit-no-reply at lists.osmocom.orgPau Espin Pedrol has posted comments on this change. ( https://gerrit.osmocom.org/9252 ) Change subject: fix double-free/use-after-free of pointers in struct e1inp_line ...................................................................... Patch Set 1: Code-Review-1 (1 comment) https://gerrit.osmocom.org/#/c/9252/1/src/e1_input.c File src/e1_input.c: https://gerrit.osmocom.org/#/c/9252/1/src/e1_input.c@429 PS1, Line 429: /* Remove our counter group from the global counter list I have the feeling this code is wrong. 1- What about the first e1inp_line object? The first object is not created through e1inp_line_clone right? so those unlink() I'm not sure if they apply correctly in that case. Probably it's fine since then we will go through the "only 1 parent" case and don't call talloc_unlink. 2- line->driver_data is missing talloc_unlink() if it exists. 3- "if (talloc_reference_count(line->rate_ctr) == 0)" is wrong, we should compare against "1", because we didn't decrease the ref yet. -- To view, visit https://gerrit.osmocom.org/9252 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: libosmo-abis Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I9f4724b4a5a064801591e9acf4f2fd1db006d082 Gerrit-Change-Number: 9252 Gerrit-PatchSet: 1 Gerrit-Owner: Stefan Sperling <ssperling at sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Pau Espin Pedrol <pespin at sysmocom.de> Gerrit-Comment-Date: Wed, 23 May 2018 11:28:27 +0000 Gerrit-HasComments: Yes Gerrit-HasLabels: Yes -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20180523/ce4b5f4a/attachment.htm>