dandri/c-toxcore
1
0
Fork 0
mirror of https://github.com/TokTok/c-toxcore synced 2026-06-04 08:11:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use after free reported in #278 occurs because toxav_kill()

Browse Source 
calls msi_kill() (toxav.c:180) which frees msi_call instances (msi.c:161)
which are then used when call_remove() (toxav.c:1136) is called.
This fix prevents call_remove() from calling invalid pointer.

Fixes #278
This commit is contained in:
mannol
2016-12-20 22:31:47 +01:00
parent de623f9eb9
commit 7122d2e862
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
toxav/toxav.c
+1
View File
@@ -188,6 +188,7 @@ void toxav_kill(ToxAV *av)
while (it) {
call_kill_transmission(it);
it->msi_call = NULL; /* msi_kill() frees the call's msi_call handle; which causes #278 */
it = call_remove(it); /* This will eventually free av->calls */
}
}