bitcoin/src/net.cpp
Eugene Siegel 167df7a98c net: fix use-after-free with v2->v1 reconnection logic
CConnman::Stop() resets semOutbound, yet m_reconnections is not
cleared in Stop. Each ReconnectionInfo contains a grant member
that points to the memory that semOutbound pointed to and ~CConnman
will attempt to access the grant field (memory that was already
freed) when destroying m_reconnections. Fix this by calling
m_reconnections.clear() in CConnman::Stop() and add appropriate
annotations.
2025-11-26 15:51:51 -05:00

156 KiB
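An instrumented model of the lifetime ordering the commit message describes, added here as an example; it is not Bitcoin Core code. The names `Semaphore`, `Grant`, `Manager` and `DanglingReleases` are hypothetical, and instead of dereferencing freed memory the grant destructor counts releases whose semaphore has already been destroyed.

```cpp
#include <cstdio>
#include <list>
#include <memory>
#include <set>
// Instrumented stand-ins with hypothetical names; not Bitcoin Core's classes.
static std::set<const void*> g_live;  // semaphores currently alive
static int g_dangling = 0;            // releases aimed at a destroyed semaphore

struct Semaphore {
    int value;
    explicit Semaphore(int v) : value(v) { g_live.insert(this); }
    ~Semaphore() { g_live.erase(this); }
};
// RAII grant holding a raw, non-owning pointer to its semaphore.
struct Grant {
    Semaphore* sem;
    explicit Grant(Semaphore& s) : sem(&s) { --sem->value; }
    Grant(const Grant&) = delete;
    ~Grant() {
        if (g_live.count(sem)) ++sem->value;  // normal release
        else ++g_dangling;  // uninstrumented code would touch freed memory here
    }
};
struct ReconnectionInfo {
    Grant grant;
    explicit ReconnectionInfo(Semaphore& s) : grant(s) {}
};
struct Manager {
    std::unique_ptr<Semaphore> sem_outbound = std::make_unique<Semaphore>(8);
    std::list<ReconnectionInfo> reconnections;
    bool clear_in_stop;
    explicit Manager(bool fix) : clear_in_stop(fix) {}
    void Stop() {
        if (clear_in_stop) reconnections.clear();  // release grants first
        sem_outbound.reset();                      // then free the semaphore
    }
};
// Queue n reconnections, stop, destroy; return the number of dangling releases.
int DanglingReleases(bool fix, int n) {
    g_dangling = 0;
    {
        Manager m(fix);
        for (int i = 0; i < n; ++i) m.reconnections.emplace_back(*m.sem_outbound);
        m.Stop();
    }  // m destroyed here: grants still queued are released now
    return g_dangling;
}
int main() {
    std::printf("without clear: %d, with clear: %d\n", DanglingReleases(false, 3), DanglingReleases(true, 3));
}
```

In uninstrumented code the same ordering problem is what AddressSanitizer reports as a heap-use-after-free at the grant release during teardown.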