Changes between Version 4 and Version 7 of Ticket #1974
Timestamp: Nov 1, 2016 4:19:46 AM
Ticket #1974 – Description
In resolver.c {{{update_res_cache()}}}, if the app callback has a reference, we only decrement the reference count of the cache entry. However, since it's not removed from the hash table, the later call to {{{pj_hash_set_np()}}} will overwrite this old entry (instead of using the newly allocated cache->hbuf), which will later be freed.

6. Given[[br]]
*) A previously cached A record DNS resolution that either contains no answer records or had an error returned in the query response (PJ_STATUS_FROM_DNS_RCODE() is not PJ_SUCCESS).[[br]]
*) The next attempt to send a SIP request under Thread A will cause pj_dns_resolver_start_query() to find the cached entry and immediately call the cb callback. When the callback returns, pj_dns_resolver_start_query() cannot update *p_query, because the location it points to may no longer be valid: the memory could have been freed.[[br]]
Fixed in r5477

Thank you to Richard Mudgett (Digium) for the report.
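The hazard in item 6, reduced to a small added example; it is not PJSIP code and not the change made in r5477. The types, function names and callback are hypothetical stand-ins, and writing the out-parameter before invoking the callback is one common way to avoid the problem, assumed here for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; these are not PJSIP types. */
typedef struct query query_t;
typedef void (*resolve_cb)(void *user_data, int status);
struct owner { query_t *q; };   /* start_query_*() writes q through p_query */

static int cb_calls;
/* Callback that destroys its owner, as a caller might on a failed lookup. */
static void cb_free_owner(void *user_data, int status)
{
    (void)status;
    cb_calls++;
    free(user_data);   /* &owner->q dangles from here on */
}

/* Ordering described in item 6: out-parameter written after the callback. */
int start_query_unsafe(int cached_status, resolve_cb cb, void *ud, query_t **p_query)
{
    cb(ud, cached_status);          /* cache hit: callback runs immediately */
    if (p_query) *p_query = NULL;   /* write-after-free if cb released ud */
    return 0;
}

/* Safe ordering: finish all writes to caller memory, then call back. */
int start_query_safe(int cached_status, resolve_cb cb, void *ud, query_t **p_query)
{
    if (p_query) *p_query = NULL;   /* cache hit leaves no pending query */
    cb(ud, cached_status);          /* nothing caller-owned is touched after this */
    return 0;
}

/* Drives the safe path with an owner that the callback frees. */
int demo_safe(void)
{
    struct owner *o = calloc(1, sizeof *o);
    if (!o) return -1;
    cb_calls = 0;
    int rc = start_query_safe(-1 /* constructed error status */, cb_free_owner, o, &o->q);
    return rc == 0 ? cb_calls : -1;
}

int main(void)
{
    printf("callback ran %d time(s), no write after free\n", demo_safe());
    return 0;
}
```

Building with `-fsanitize=address` and swapping `start_query_safe` for `start_query_unsafe` in `demo_safe()` makes the sanitizer report the write to freed heap memory.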