Possible NULL pointer dereference in async.c
There are several possible cases of NULL pointer dereference in async.c, e.g. due to async_send_fast() returning a zero AID (because of a failed malloc()) and subsequently dereferencing the AID as amsg_t in async_wait_for().
The problem needs to be mitigated either by using a blocking malloc() (but this might be complicated and deadlock-prone) or making all the "tail" functions such as async_wait_for() more robust.
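The failure path described in this ticket, as an added C sketch that is not HelenOS code and not part of the original report: a "head" function that returns a zero AID on allocation failure, a "tail" that dereferences it blindly, and a more robust tail. The `sketch_*` functions, the `simulate_oom` hook, the reduced `amsg_t` layout, the `aid_t` typedef and the choice of `ENOMEM` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the ticket's names; not the HelenOS definitions. */
typedef struct { int retval; } amsg_t;
typedef uintptr_t aid_t;          /* assumption: AID is the amsg_t address, 0 on failure */
bool simulate_oom = false;        /* hypothetical hook: force the allocation to fail */

/* "Head": returns a zero AID when the message cannot be allocated. */
aid_t sketch_send_fast(int answer)
{
	amsg_t *msg = simulate_oom ? NULL : malloc(sizeof(*msg));
	if (msg == NULL)
		return 0;
	msg->retval = answer;         /* the sketch is "answered" immediately */
	return (aid_t) msg;
}

/* Fragile "tail": trusts the AID; a zero AID is a NULL dereference here. */
void sketch_wait_for_fragile(aid_t aid, int *retval)
{
	amsg_t *msg = (amsg_t *) aid;
	if (retval)
		*retval = msg->retval;
	free(msg);
}

/* Robust "tail": a zero AID is reported as ENOMEM (assumed error choice). */
void sketch_wait_for(aid_t aid, int *retval)
{
	if (aid == 0) {
		if (retval)
			*retval = ENOMEM;
		return;
	}
	sketch_wait_for_fragile(aid, retval);
}

int main(void)
{
	int rc = 0;
	simulate_oom = true;
	sketch_wait_for(sketch_send_fast(7), &rc);
	printf("rc under allocation failure: %d (ENOMEM=%d)\n", rc, ENOMEM);
	return 0;
}
```

With the check in the tail, the allocation failure surfaces to the caller as an error code instead of a crash at the point of the wait.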
Change History (6)
Owner: changed from Jakub Jermář to Jiří Zárevúcky
Status: new → accepted
Resolution: → fixed
Status: accepted → closed
Retargeting as this is not a regression from previous release.