Attention is currently required from: pespin.
Hello Jenkins Builder, laforge, pespin,
I'd like you to reexamine a change. Please visit
https://gerrit.osmocom.org/c/libosmocore/+/34144
to look at the new patch set (#4).
Change subject: osmo_io: Avoid potential double free when sending msgb
osmo_io: Avoid potential double free when sending msgb
Ensure that a msgb has the proper talloc parent:
All msgbs inside an iofd get the iofd as parent. Received msgbs are reparented to iofd->msgb_alloc.ctx (which was set in osmo_iofd_setup()) before being passed to the receive callback.
Before this change the code could fail for msgbs that are submitted via uring where the (failed) write returns after the iofd has already been osmo_iofd_free()d. free()ing the iofd is deferred until the write completes, but the (iofd) parent context could have been free()d in the meantime.
Change-Id: I3a279b55a3adff96948120683c844e1508d0ba94
---
M src/core/osmo_io.c
1 file changed, 36 insertions(+), 8 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/44/34144/4