cbs: Resolve a use-after-free

In situations where location changes rapidly, a use-after-free condition can occur. What happens is that the timeout leaks and then the cbs struct with the callback is cleaned up, resulting in a SIGSEGV when the callback occurs from the glib loop.
author: John Ernberg <john.ernberg@actia.se> 2015-12-21 10:03:49 +0000
committer: Denis Kenzior <denkenz@gmail.com> 2015-12-21 17:53:43 -0600
commit: e43a006c7b85b740f1628efa2c9f679a87afd680 (patch)
tree: 4a5b0947c1eeb5c222138661560af96531453eb9 /src
parent: 0e02229ceb7d3a1ad2537678931dcd2a63285807 (diff)
download: ofono-e43a006c7b85b740f1628efa2c9f679a87afd680.tar.bz2
1 files changed, 4 insertions, 1 deletions
diff --git a/src/cbs.c b/src/cbs.c
index b5f0b729..fdc44a11 100644
--- a/src/cbs.c
+++ b/src/cbs.c
@@ -1029,11 +1029,14 @@ out:
 
 	/*
 	 * In order to minimize signal transmissions we wait about X seconds
-	 * before reseting the base station id.  The hope is that we receive
+	 * before resetting the base station id.  The hope is that we receive
 	 * another cell broadcast with the new base station name within
 	 * that time
 	 */
 	if (lac_changed || ci_changed) {
+		if(cbs->reset_source)
+			g_source_remove(cbs->reset_source);
+
 		cbs->reset_source =
 			g_timeout_add_seconds(3, reset_base_station_name, cbs);
 	}
author	John Ernberg <john.ernberg@actia.se>	2015-12-21 10:03:49 +0000
committer	Denis Kenzior <denkenz@gmail.com>	2015-12-21 17:53:43 -0600
commit	e43a006c7b85b740f1628efa2c9f679a87afd680 (patch)
tree	4a5b0947c1eeb5c222138661560af96531453eb9 /src
parent	0e02229ceb7d3a1ad2537678931dcd2a63285807 (diff)
download	ofono-e43a006c7b85b740f1628efa2c9f679a87afd680.tar.bz2