From ca2a5c2d6759dbe0cc2adbbb6283189a89d4819a Mon Sep 17 00:00:00 2001
From: Riza Sulistyo
Date: Tue, 1 Nov 2016 04:10:17 +0000
Subject: Re #1974: Fix DNS write on freed memory. Thanks to Richard Mudgett for the patch.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5477 74dad513-b988-da41-8d7b-12977e46ad98
---
 pjlib-util/src/pjlib-util/resolver.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'pjlib-util')
diff --git a/pjlib-util/src/pjlib-util/resolver.c b/pjlib-util/src/pjlib-util/resolver.c
index cfca16ad..890f89d9 100644
--- a/pjlib-util/src/pjlib-util/resolver.c
+++ b/pjlib-util/src/pjlib-util/resolver.c
@@ -929,7 +929,13 @@ PJ_DEF(pj_status_t) pj_dns_resolver_start_query( pj_dns_resolver *resolver,
 /* Must return PJ_SUCCESS */
 status = PJ_SUCCESS;
- goto on_return;
+ /*
+ * We cannot write to *p_query after calling cb because what
+ * p_query points to may have been freed by cb.
+ * Refer to ticket #1974.
+ */
+ pj_mutex_unlock(resolver->mutex);
+ return status;
 }
 /* At this point, we have a cached entry, but this entry has expired.
-- 
cgit v1.2.3
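Review bot: On the cache-hit path `*p_query` is now never written, so a caller that passes a non-NULL `p_query` without pre-initialising it is left holding an indeterminate handle after a `PJ_SUCCESS` return; the added comment explains why the write is skipped but not what the caller may assume. I would extend it with `* On this path *p_query is left untouched; callers must set it to NULL before the call.` and mirror that in the function's API documentation. The `on_return` label and the `cb` invocation are outside the hunk, so this assumes `on_return` is where `*p_query` was assigned. The early return also duplicates the `pj_mutex_unlock(resolver->mutex)` cleanup, so any cleanup later added at `on_return` has to be repeated here.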