cbs: Resolve a use-after-free

In situations where location changes rapidly, a use-after-free condition can occur. What happens is that the timeout leaks and then the cbs struct with the callback is cleaned up, resulting in a SIGSEGV when the callback occurs from the glib loop.
2015-12-21 10:03:49 +00:00 · 2015-12-21 10:03:49 +00:00 · e43a006c7b
parent 0e02229ceb
commit e43a006c7b
1 changed files with 4 additions and 1 deletions
--- a/src/cbs.c
+++ b/src/cbs.c
@ -1029,11 +1029,14 @@ out:

 	/*
 	 * In order to minimize signal transmissions we wait about X seconds
-	 * before reseting the base station id.  The hope is that we receive
+	 * before resetting the base station id.  The hope is that we receive
 	 * another cell broadcast with the new base station name within
 	 * that time
 	 */
 	if (lac_changed || ci_changed) {
+		if(cbs->reset_source)
+			g_source_remove(cbs->reset_source);
+
 		cbs->reset_source =
 			g_timeout_add_seconds(3, reset_base_station_name, cbs);
 	}