Hi Martin,
I'm afraid this isn't enough, as I still get use-after-free when
using gatmux in the quectel plugin (see attached log).
That buffer size check is a bit dubious and should never happen in
practice, it is also something that one cannot recover from if the
condition does get hit. I actually would just take it out, but you
can also just check the condition right before the mux_unref and
scribble it to a temporary. i.e.
bool buffer_full = false;
g_at_mux_ref();
for (...) {
...
dispatch_sources(...);
}
buffer_full = !mux->shutdown && mux->buf_used == sizeof(mux->buf);
Why the "!mux->shutdown" here? I would expect that to be checked before
processing the data...
Ah you're right, strictly speaking checking mux->shutdown would be
redundant. The idea was to avoid returning FALSE if we're shut down,
but I guess it shouldn't matter.
Regards,
-Denis
_______________________________________________
ofono mailing list -- ofono@ofono.org
To unsubscribe send an email to ofono-le...@ofono.org