laforge submitted this change.

View Change


Approvals: Jenkins Builder: Verified pespin: Looks good to me, but someone else must approve laforge: Looks good to me, approved 
osmo_io: Assign const name when stealing TX msg from iofd ctx

All TX messages are moved from iofd instance to the user's context.
iofd may be destroyed, but the message is still available to the user.
To prevent a use-after-free bug, the context name must be changed from
iofd->name to a constant that does not belong to iofd.

Change-Id: Ib8dae924fa2d94a7f636136ba7279b965a18cf5b
---
M src/core/osmo_io.c
1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/core/osmo_io.c b/src/core/osmo_io.c
index 7ea959b..33466e5 100644
--- a/src/core/osmo_io.c
+++ b/src/core/osmo_io.c
@@ -152,9 +152,7 @@
 	uint16_t headroom = iofd->msgb_alloc.headroom;
 
 	OSMO_ASSERT(iofd->msgb_alloc.size < 0xffff - headroom);
-	return msgb_alloc_headroom_c(iofd,
-				     iofd->msgb_alloc.size + headroom, headroom,
-				     iofd->name ? : "iofd_msgb");
+	return msgb_alloc_headroom_c(iofd, iofd->msgb_alloc.size + headroom, headroom, "osmo_io_msgb");
 }
 
 /*! return the pending msgb in iofd or NULL if there is none*/

To view, visit change 36121. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: Ib8dae924fa2d94a7f636136ba7279b965a18cf5b
Gerrit-Change-Number: 36121
Gerrit-PatchSet: 2
Gerrit-Owner: jolly <andreas@eversberg.eu>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge@osmocom.org>
Gerrit-Reviewer: pespin <pespin@sysmocom.de>
Gerrit-MessageType: merged