mirror of git://git.sysmocom.de/ofono
cbs: Resolve a use-after-free
In situations where location changes rapidly, a use-after-free condition can occur. What happens is that the timeout leaks and then the cbs struct with the callback is cleaned up, resulting in a SIGSEGV when the callback occurs from the glib loop.
This commit is contained in:
parent
0e02229ceb
commit
e43a006c7b
|
@ -1029,11 +1029,14 @@ out:
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* In order to minimize signal transmissions we wait about X seconds
|
* In order to minimize signal transmissions we wait about X seconds
|
||||||
* before reseting the base station id. The hope is that we receive
|
* before resetting the base station id. The hope is that we receive
|
||||||
* another cell broadcast with the new base station name within
|
* another cell broadcast with the new base station name within
|
||||||
* that time
|
* that time
|
||||||
*/
|
*/
|
||||||
if (lac_changed || ci_changed) {
|
if (lac_changed || ci_changed) {
|
||||||
|
if(cbs->reset_source)
|
||||||
|
g_source_remove(cbs->reset_source);
|
||||||
|
|
||||||
cbs->reset_source =
|
cbs->reset_source =
|
||||||
g_timeout_add_seconds(3, reset_base_station_name, cbs);
|
g_timeout_add_seconds(3, reset_base_station_name, cbs);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue