Parent: 7ff745c2bd0c2656a7022ee11c67c6d8dc8494a6
Author: Pauli Virtanen <pav@iki.fi>
Committer: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: 2024-06-17 21:57:55
Tree: c1ea87e7d7b94f027a8aa9b97afca1a7468711a5
transport: fix crash when freeing transport Fix UAF by freeing transport->remote_endpoint in media_transport_free, which also frees the struct (not in destroy after the struct is freed). ERROR: AddressSanitizer: heap-use-after-free READ of size 8 at 0x508000022ab8 thread T0 #0 0x493624 in media_transport_destroy profiles/audio/transport.c:223 ... freed by thread T0 here: #1 0x7fb057d10294 in g_free (/lib64/libglib-2.0.so.0+0x5d294) #2 0x49dd2d in media_transport_free profiles/audio/transport.c:1276 #3 0x7e0e99 in remove_interface gdbus/object.c:682 #4 0x7e8f40 in g_dbus_unregister_interface gdbus/object.c:1430 #5 0x4935a2 in media_transport_destroy profiles/audio/transport.c:220
Diffstat
| M | profiles/audio/transport.c | | | 4 | +- - - |
1 files changed, 1 insertions(+), 3 deletions(-)