[OpenSIPS-Devel] [OpenSIPS/opensips] 080c6c: tracer: fix possible double free during dialog tra...

Răzvan Crainea noreply at github.com
Fri Sep 2 10:07:58 UTC 2022


  Branch: refs/heads/3.3
  Home:   https://github.com/OpenSIPS/opensips
  Commit: 080c6c473132e0aabe0c6b544d301bc682344f92
      https://github.com/OpenSIPS/opensips/commit/080c6c473132e0aabe0c6b544d301bc682344f92
  Author: Razvan Crainea <razvan at opensips.org>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M modules/tracer/tracer.c

  Log Message:
  -----------
  tracer: fix possible double free during dialog tracing

The initial transaction info free algorithm was to release the memory
when there is no other tracing instance running. However, when engaging
dialog tracing, a single dialog tracing instance is created, without a
transaction one. But, when the BYE is received, it is traced using the
transaction tracing, without an instance. Thus, the free function is
called twice, once for dialog and once for transaction:
 * first call will find the dialog instance and release it, and release
   the info (since there are no remaining instances)
 * the second call, for the transaction instance release, would
   basically access invalid memory, which could lead to either a double
   free or even memory corruption (in case the fragment had been
   repurposed)

Credits to Vlad Paiu for troubleshooting, brainstorming and
providing useful logs

Fixes #2869

(cherry picked from commit 184d1cd51fcc5f567d2ddb4017f7223f1c2eb99c)
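The scenario in the commit message is a shared record whose release routine trusts the caller to hold an instance, so a path that never created one (the transaction path on the BYE) still triggers a free. The following constructed C model, added here as an illustration and not the project's code or the actual change in this commit, shows the ownership rule a defender wants from such a routine: release only detaches a kind that is actually attached, frees the record once when the last holder leaves, and clears the caller's pointer so a later release is a no-op. All names (`trace_info`, `trace_info_release`, the `TRACE_*` kinds, the sample call-id) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a tracing-info record shared between a dialog
 * tracing instance and a transaction tracing instance. Not OpenSIPS code. */
enum trace_kind { TRACE_DIALOG = 0, TRACE_TRANSACTION = 1, TRACE_KINDS = 2 };

struct trace_info {
    int attached[TRACE_KINDS]; /* 1 if an instance of that kind holds the record */
    int refs;                  /* number of attached instances */
    char callid[64];           /* constructed sample identifier */
};

/* Result codes of trace_info_release(). */
enum release_result {
    RELEASE_FREED = 0,     /* last holder left: record freed, *slot set to NULL */
    RELEASE_DETACHED = 1,  /* one holder left: record still live */
    RELEASE_NOT_HELD = 2,  /* caller never held an instance of this kind: no-op */
    RELEASE_NO_RECORD = 3  /* *slot already NULL: no-op */
};

struct trace_info *trace_info_new(const char *callid)
{
    struct trace_info *info = calloc(1, sizeof *info);
    if (!info)
        return NULL;
    snprintf(info->callid, sizeof info->callid, "%s", callid);
    return info;
}

/* A tracing instance of `kind` starts holding the record. Returns 0, or -1
 * if that kind is already attached, so a holder is never counted twice. */
int trace_info_attach(struct trace_info *info, enum trace_kind kind)
{
    if (!info || kind >= TRACE_KINDS || info->attached[kind])
        return -1;
    info->attached[kind] = 1;
    info->refs++;
    return 0;
}

/* Release by a tracing instance of `kind`. Takes the caller's pointer slot so
 * it can be cleared when the record is freed. A release for a kind that never
 * attached, or on an already-cleared slot, touches no memory. */
enum release_result trace_info_release(struct trace_info **slot, enum trace_kind kind)
{
    struct trace_info *info;
    if (!slot || !*slot)
        return RELEASE_NO_RECORD;
    info = *slot;
    if (kind >= TRACE_KINDS || !info->attached[kind])
        return RELEASE_NOT_HELD;
    info->attached[kind] = 0;
    info->refs--;
    if (info->refs > 0)
        return RELEASE_DETACHED;
    free(info);
    *slot = NULL;
    return RELEASE_FREED;
}

/* Replays the commit message's case: only a dialog instance exists, and at
 * the BYE the dialog path releases first, then the transaction path tries to.
 * Returns 1 if exactly one free happened and the second call was a no-op. */
int replay_dialog_only_bye(void)
{
    struct trace_info *info = trace_info_new("constructed-callid-1");
    enum release_result first, second;
    if (!info || trace_info_attach(info, TRACE_DIALOG) != 0)
        return 0;
    first = trace_info_release(&info, TRACE_DIALOG);        /* frees, clears slot */
    second = trace_info_release(&info, TRACE_TRANSACTION);  /* sees NULL slot */
    return first == RELEASE_FREED && second == RELEASE_NO_RECORD && info == NULL;
}

/* Both kinds attached: the first release only detaches, the second frees. */
int replay_both_instances(void)
{
    struct trace_info *info = trace_info_new("constructed-callid-2");
    enum release_result first, second;
    if (!info || trace_info_attach(info, TRACE_DIALOG) != 0 ||
        trace_info_attach(info, TRACE_TRANSACTION) != 0)
        return 0;
    first = trace_info_release(&info, TRACE_DIALOG);
    second = trace_info_release(&info, TRACE_TRANSACTION);
    return first == RELEASE_DETACHED && second == RELEASE_FREED && info == NULL;
}

int main(void)
{
    printf("dialog-only BYE safe: %d\n", replay_dialog_only_bye());
    printf("both instances safe:  %d\n", replay_both_instances());
    return 0;
}
```

Running the block under AddressSanitizer or Valgrind is the practical check: with the per-kind attachment test in place, neither replay performs a second free or reads the record after it was released, which is the condition the commit message describes as violated.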