author | John Ernberg <john.ernberg@actia.se> | 2015-12-21 10:03:49 +0000 |
---|---|---|
committer | Denis Kenzior <denkenz@gmail.com> | 2015-12-21 17:53:43 -0600 |
commit | e43a006c7b85b740f1628efa2c9f679a87afd680 (patch) | |
tree | 4a5b0947c1eeb5c222138661560af96531453eb9 | |
parent | 0e02229ceb7d3a1ad2537678931dcd2a63285807 (diff) | |
download | ofono-e43a006c7b85b740f1628efa2c9f679a87afd680.tar.bz2 |
cbs: Resolve a use-after-free
In situations where location changes rapidly, a use-after-free condition
can occur. What happens is that the timeout leaks and then the cbs
struct with the callback is cleaned up, resulting in a SIGSEGV when the
callback occurs from the glib loop.
-rw-r--r-- | src/cbs.c | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -1029,11 +1029,14 @@ out: /* * In order to minimize signal transmissions we wait about X seconds - * before reseting the base station id. The hope is that we receive + * before resetting the base station id. The hope is that we receive * another cell broadcast with the new base station name within * that time */ if (lac_changed || ci_changed) { + if(cbs->reset_source) + g_source_remove(cbs->reset_source); + cbs->reset_source = g_timeout_add_seconds(3, reset_base_station_name, cbs); } |
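Review bot: in the `if (lac_changed || ci_changed)` branch, the new `g_source_remove(cbs->reset_source)` is only safe if `reset_source` is set back to 0 whenever the timeout has already fired. The hunk does not show `reset_base_station_name`, so please confirm it clears `cbs->reset_source` before returning; otherwise this call can later be made on a stale source id. The commit message attributes the crash to the cbs struct being cleaned up while a timeout is still pending, so the teardown path should also remove `reset_source` if it does not already; a short comment here saying that only one reset timer may be outstanding would help the next reader. Style: `if(cbs->reset_source)` needs a space after `if`, matching the `if (lac_changed || ci_changed)` line directly above it.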