@urtho commented on this pull request.


In src/modules/async/async_sleep.c:

> +		return -1;
+	}
+	dsize = sizeof(async_task_t) + sizeof(async_task_param_t) + sizeof(async_ms_item_t);
+
+	at = (async_task_t *)shm_malloc(dsize);
+	if(at == NULL) {
+		LM_ERR("no more shm memory\n");
+		return -1;
+	}
+	memset(at, 0, dsize);
+	at->param = (char *)at + sizeof(async_task_t);
+	atp = (async_task_param_t *)at->param;
+	ai = (async_ms_item_t *) ((char *)at +  sizeof(async_task_t) + sizeof(async_task_param_t));
+	ai->at = at;
+
+	if(cbname && cbname->len>=ASYNC_CBNAME_SIZE-1) {
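Review bot: The placement of `ai` at `(char *)at + sizeof(async_task_t) + sizeof(async_task_param_t)` is only correctly aligned if those two sizes add up to a multiple of the alignment `async_ms_item_t` requires, and nothing in the hunk enforces that. The struct definitions are not visible here, so it may hold today, but a later field change in either struct could silently turn `ai->at = at;` into a misaligned store in shared memory. If the build's C standard allows it, a check next to the `dsize` computation would pin this down: `_Static_assert((sizeof(async_task_t) + sizeof(async_task_param_t)) % _Alignof(async_ms_item_t) == 0, "async_ms_item_t misaligned in task block");`. A short layout comment above `dsize` would also help, e.g. `/* one shm block: async_task_t | async_task_param_t | async_ms_item_t */`. The enclosing function starts and ends outside the quoted hunk.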

The allocation is done too early. Moving it past all the input and transaction validation.

