baresip / re

Generic library for real-time communications with async IO support
BSD 3-Clause "New" or "Revised" License

main: fix Array out of bounds access #1184

Closed jobo-zt closed 3 weeks ago

jobo-zt commented 2 months ago

Maybe this is right, in multi thread.


```c
if (!fhs || !fhs->fh)
    continue;
++cfds;
```

sreimers commented 1 month ago

I think this is hiding the underlying problem; there should never be more active file descriptors than maxfds. I have to investigate; we should first add a test case to reproduce the problem. I can have a look next week.

jobo-zt commented 1 month ago

udp_thread_detach needs to end in the thread where fd_sten is located, otherwise `(!fhs || !fhs->fh)` holds and it continues to loop.

Can the above description provide some clues for the testing work? Thanks.

alfredh commented 4 weeks ago

I don't think this change is needed.

It would be nice to have a testcase first to demonstrate the problem...

jobo-zt commented 3 weeks ago

In the multi thread of restund, it is not in the same thread, so there will be problems when ending the UDP connection.

  1. The purpose of this change is to increase boundary security.
  2. As a result, some efficiency will be lost in the main loop.