[S] Change in libosmo-sigtran[master]: asp: Avoid double-free of received msg if conn is teared down - gerrit-log

26 May 2025


      Attention is currently required from: daniel, fixeria, laforge, osmith.
pespin has posted comments on this change by pespin. ( https://gerrit.osmocom.org/c/libosmo-sigtran/+/40327?usp=email )
Change subject: asp: Avoid double-free of received msg if conn is teared down
......................................................................
Patch Set 3:
(1 comment)
Patchset:
PS2:
...
This looks very similar to https://osmocom.org/issues/6728 (use-after-free/double-free in osmo-bts). […]
So what's the root problem according to you?
IMO the root problem is that stream_srv is the talloc parent of the msgb being dispatched over its read_cb() (which is legit) and we are operating it in an incorrect way here, by not taking that into account.
We simply didn't take into consideration this fact when we (I?) moved the code to the new osmo_stream_srv iofd-based API.
-- 
To view, visit https://gerrit.osmocom.org/c/libosmo-sigtran/+/40327?usp=email
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email

Gerrit-MessageType: comment
Gerrit-Project: libosmo-sigtran
Gerrit-Branch: master
Gerrit-Change-Id: I69f80f611c14db2b328dafd4a90247c6f2dac6fd
Gerrit-Change-Number: 40327
Gerrit-PatchSet: 3
Gerrit-Owner: pespin pespin@sysmocom.de
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: daniel dwillmann@sysmocom.de
Gerrit-Reviewer: fixeria vyanitskiy@sysmocom.de
Gerrit-Reviewer: laforge laforge@osmocom.org
Gerrit-Reviewer: osmith osmith@sysmocom.de
Gerrit-Attention: osmith osmith@sysmocom.de
Gerrit-Attention: laforge laforge@osmocom.org
Gerrit-Attention: fixeria vyanitskiy@sysmocom.de
Gerrit-Attention: daniel dwillmann@sysmocom.de
Gerrit-Comment-Date: Mon, 26 May 2025 09:32:28 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: fixeria vyanitskiy@sysmocom.de