jolly has uploaded this change for review.
osmo_io: Assign const name when stealing TX msg from iofd ctx
All TX messages are moved from iofd instance to the user's context.
iofd may be destroyed, but the message is still available to the user.
To prevent a use-after-free, the context name must be changed from
iofd->name to a constant that does not belong to iofd.
Change-Id: Ib8dae924fa2d94a7f636136ba7279b965a18cf5b
---
M src/core/osmo_io.c
1 file changed, 16 insertions(+), 0 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/21/36121/1
diff --git a/src/core/osmo_io.c b/src/core/osmo_io.c
index 7ea959b..89690ae 100644
--- a/src/core/osmo_io.c
+++ b/src/core/osmo_io.c
@@ -334,7 +334,9 @@
* \param[in] hdr serialized msghdr containing state of completed I/O */
void iofd_handle_recv(struct osmo_io_fd *iofd, struct msgb *msg, int rc, struct iofd_msghdr *hdr)
{
+ /* Steal the msg from iofd. Also assign const name, because iofd->name will be freed when iofd is destroyed. */
talloc_steal(iofd->msgb_alloc.ctx, msg);
+ talloc_set_name(msg, "osmo_io_rx_msgb");
switch (iofd->mode) {
case OSMO_IO_FD_MODE_READ_WRITE:
iofd_handle_segmented_read(iofd, msg, rc);
To view, visit change 36121. To unsubscribe, or for help writing mail filters, visit settings.