![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 15 years ago
Last modified 15 years ago
#769 closed defect
Bug in select ioqueue: event counter may exceed maximum value, causing stack corruption (thanks Joel Dodson for the report) — at Initial Version
| Reported by: | bennylp | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-1.2 |
| Component: | pjlib | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: |
Description
Stack corruption in pj_ioqueue_poll(), when execution is about to return:
#if PJ_IOQUEUE_HAS_SAFE_UNREG
decrement_counter(event[counter].key);
#endif
}
return count;
count and counter are 17. Unfortunately, event is only 16 elements long.
Note: See
TracTickets for help on using
tickets.
