[OpenSIPS-Devel] [OpenSIPS/opensips] 184d1c: tracer: fix possible double free during dialog tra...
Răzvan Crainea
noreply at github.com
Fri Sep 2 10:07:36 UTC 2022
Branch: refs/heads/master
Home: https://github.com/OpenSIPS/opensips
Commit: 184d1cd51fcc5f567d2ddb4017f7223f1c2eb99c
https://github.com/OpenSIPS/opensips/commit/184d1cd51fcc5f567d2ddb4017f7223f1c2eb99c
Author: Razvan Crainea <razvan at opensips.org>
Date: 2022-09-02 (Fri, 02 Sep 2022)
Changed paths:
M modules/tracer/tracer.c
Log Message:
-----------
tracer: fix possible double free during dialog tracing
The initial transaction info free algorithm was to release the memory
when there is no other tracing instance running. However, when engaging
dialog tracing, a single dialog tracing instance is created, without a
transaction one. But, when the BYE is received, it is traced using the
transaction tracing, without an instance. Thus, the free function is
called twice, once for dialog and once for transaction:
* first call will find the dialog instance and release it, and release
  the info (since there are no remaining instances)
* the second call, for the transaction instances releases would
  basically access invalid memory, which could lead to either double
  free, or even memory corruptions (in case the fragment would have been
  repurposed)
Credits to Vlad Paiu for troubleshooting, brainstorming and
providing useful logs
Fixes #2869
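
The lifetime bug described in the log message, as an added example that is not part of the original commit or of OpenSIPS code: a small C model in which free() is replaced by a flag, so the instance-count release rule can be run and counted next to a reference-counted one. The struct, the function names and the reference-count rule are assumptions for illustration; the page does not show the actual fix.

```c
#include <stdio.h>

/* Hypothetical model, not OpenSIPS code. free() is modelled by a flag so the
 * flawed path can be run and counted without real undefined behaviour. */
struct trace_info {
    int instances; /* tracing instances attached to this info */
    int refs;      /* refcounted variant: teardown callbacks still pending */
    int freed;     /* set where real code would free the block */
};

struct outcome { int frees; int stale_uses; };

/* One teardown callback. had_instance: this caller owns a tracing instance. */
static void release(struct trace_info *info, int had_instance,
                    int refcounted, struct outcome *out)
{
    int last;
    if (info->freed)
        out->stale_uses++;          /* real code: read of freed memory */
    if (had_instance)
        info->instances--;
    /* Flawed rule: free once no instance remains. Refcounted rule (assumed
     * mitigation): free only when the last pending callback has run. */
    last = refcounted ? (--info->refs == 0) : (info->instances == 0);
    if (last) {
        info->freed = 1;
        out->frees++;               /* real code: free(info) */
    }
}

/* Dialog tracing: one dialog instance, no transaction instance, yet both the
 * dialog and the transaction (BYE) teardown call release(). */
struct outcome simulate(int refcounted)
{
    struct trace_info info = { 1, 2, 0 };
    struct outcome out = { 0, 0 };

    release(&info, 1, refcounted, &out);  /* dialog teardown */
    release(&info, 0, refcounted, &out);  /* transaction teardown for BYE */
    return out;
}

int main(void)
{
    struct outcome a = simulate(0), b = simulate(1);
    printf("instance-count rule: frees=%d stale_uses=%d\n", a.frees, a.stale_uses);
    printf("refcount rule:       frees=%d stale_uses=%d\n", b.frees, b.stale_uses);
    return 0;
}
```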