Details
-
Bug
-
Status: Patch Available
-
Minor
-
Resolution: Unresolved
-
None
-
None
-
None
Description
1、in check_events() function, no null check for the pointer returned by allocate_buffer, the pointer will be passed to recv_buffer(), then the curr_offset member of pointer will be accessed directly.
2、in queue_session_event(), curr_offset also be accessed directly without null check.