Set d_call to null to prevent potential use after free #739

Merged
merged 1 commit into from
Dec 4, 2022

galenguyer
Contributor

`plugman_audio_callback` in `p25_recorder_decode` is sometimes called when `d_call` is an invalid pointer. This seems to be some form of race condition where `d_call` has been freed immediately before the audio callback is called, causing a segmentation fault in the simplestream plugin on line 63 (`call->get_system()`). By setting `d_call` to null when `p25_recorder_decode::stop()` is called, we can check for it being invalid before a plugin ever sees it, preventing a use-after-free segmentation fault.

@robotastic
Owner

Good catch! For the plugin events at the end of a call, they get a copy of the Call info because the call object will get deleted. We could look at doing something similar, but it is probably easier to just check for Null. Especially since this hook gets called so often.

@robotastic robotastic merged commit ba51381 into robotastic:master Dec 4, 2022
@galenguyer galenguyer deleted the simplestream-segfault branch December 4, 2022 19:22
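
The guard discussed in this thread, as an added C++ example that is not trunk-recorder's own code: `Call`, `Decoder`, `plugin_audio` and `late_audio_after_stop` are hypothetical stand-ins. It assumes `stop()` always runs before the call object is freed, and it holds one mutex across the null check and the plugin hook so the pointer cannot be cleared between the two.

```cpp
#include <mutex>
#include <string>
#include <vector>

// Hypothetical stand-in for the project's Call object.
struct Call {
    std::string system;
    const std::string &get_system() const { return system; }
};

// Hypothetical plugin hook: dereferences the call on every audio buffer.
static std::vector<std::string> g_seen;
static int plugin_audio(Call *call, const short *, int n) {
    g_seen.push_back(call->get_system());
    return n;
}

class Decoder {
    Call *d_call = nullptr;
    std::mutex d_mu; // assumption: stop() and audio may run on different threads
public:
    void start(Call *c) { std::lock_guard<std::mutex> lk(d_mu); d_call = c; }
    // Clear the pointer before the owner frees the Call.
    void stop() { std::lock_guard<std::mutex> lk(d_mu); d_call = nullptr; }
    // Returns samples handed to the plugin, or -1 when the buffer is dropped.
    int audio_callback(const short *samples, int n) {
        std::lock_guard<std::mutex> lk(d_mu); // check and use under one lock
        if (d_call == nullptr) return -1;
        return plugin_audio(d_call, samples, n);
    }
};

// Constructed sequence: audio, stop(), Call freed, one late audio buffer.
// Returns how many buffers reached the plugin, or -1 on unexpected results.
int late_audio_after_stop() {
    g_seen.clear();
    Decoder dec;
    Call *call = new Call{"sys-A"};
    const short buf[4] = {0, 0, 0, 0};
    dec.start(call);
    int first = dec.audio_callback(buf, 4);
    dec.stop();   // must happen before the delete below
    delete call;
    int late = dec.audio_callback(buf, 4); // dropped, freed Call never touched
    return (first == 4 && late == -1) ? static_cast<int>(g_seen.size()) : -1;
}

int main() { return late_audio_after_stop() == 1 ? 0 : 1; }
```

Without the lock, a null check alone only narrows the window: the pointer can still be cleared and the object freed between the check and the dereference.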