dandri/c-toxcore
1
0
Fork 0
mirror of https://github.com/TokTok/c-toxcore synced 2026-06-07 11:02:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix use-after-free of toxav's TimerHandler

Browse Source 
If msi.c:timer_terminate_session frees "handler", then when msi.c:timer_poll's thread resumes, there WILL be a use after free of "handler", with a likely segfault.

This use after free causes a crash in qTox, see tux3/qTox#534
This commit is contained in:
Tux3 / Mlkj / !Lev.uXFMLA
2014-10-25 12:28:54 +02:00
parent 9878b441b1
commit ea4320733f
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
toxav/msi.c
+1 -2
View File
@@ -631,6 +631,7 @@ static void *timer_poll( void *arg )
usleep(handler->resolution);
}
free(handler);
pthread_exit(NULL);
}
@@ -699,8 +700,6 @@ static void timer_terminate_session(TimerHandler *handler)
free(handler->timers);
pthread_mutex_destroy( &handler->mutex );
free(handler);
}
/**