![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 7 years ago
Closed 7 years ago
#2024 closed defect (fixed)
Fixed crash due to uncancelled timer if there's an error in resolver's query transmit
| Reported by: | ming | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.7 |
| Component: | pjlib-util | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: | no |
Description
In ticket #1953:
Fail to create resolver when library built with IPv6 but run on system without IPv6
If the send count is zero, then transmit_query() will return PJLIB_UTIL_EDNSNOWORKINGNS, however it does so without cancelling the timer, which then will be put back in the list of free timer entries.
status = transmit_query(resolver, q);
if (status != PJ_SUCCESS) {
pj_list_push_back(&resolver->query_free_nodes, q);
goto on_return;
}
Thus, it could later result in timer heap corruption and crash after this uncancelled timer is reused and invalidated.
Thanks to Chris Tserng for the fix and Balamurugan Ramajeyam for the report.
Change History (1)
comment:1 Changed 7 years ago by ming
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
In 5612: