generic-library/libzmq
1
0
Fork 0
mirror of https://github.com/zeromq/libzmq.git synced 2024-12-13 18:55:10 +01:00
Code Issues Projects Releases Wiki Activity

add sanity check in msg_t::rm_refs in order to avoid invalid memory access with u.zclmsg.refcnt

Browse Source
This commit is contained in:
Juha Reunanen 2015-07-07 19:05:53 +03:00
parent 6ab66ca51a
commit ccb13e1732
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/msg.cpp
View File

@ -467,7 +467,7 @@ bool zmq::msg_t::rm_refs (int refs_)
} }
// The only message type that needs special care are long and zcopy messages. // The only message type that needs special care are long and zcopy messages.
if (!u.lmsg.content->refcnt.sub (refs_)) { if (u.base.type == type_lmsg && !u.lmsg.content->refcnt.sub(refs_)) {
// We used "placement new" operator to initialize the reference // We used "placement new" operator to initialize the reference
// counter so we call the destructor explicitly now. // counter so we call the destructor explicitly now.
u.lmsg.content->refcnt.~atomic_counter_t (); u.lmsg.content->refcnt.~atomic_counter_t ();
@ -479,7 +479,7 @@ bool zmq::msg_t::rm_refs (int refs_)
return false; return false;
} }
if (!u.zclmsg.refcnt->sub (refs_)) { if (is_zcmsg() && !u.zclmsg.refcnt->sub(refs_)) {
// storage for rfcnt is provided externally // storage for rfcnt is provided externally
if (u.zclmsg.ffn) { if (u.zclmsg.ffn) {
u.zclmsg.ffn(u.zclmsg.data, u.zclmsg.hint); u.zclmsg.ffn(u.zclmsg.data, u.zclmsg.hint);