mirrors/core-lightning
1
0
Fork 0
mirror of https://github.com/ElementsProject/lightning.git synced 2025-01-18 13:25:43 +01:00
Code Issues Projects Releases Wiki Activity

pay: Fix a use-after-free bug

Browse Source 
`wallet_payment_store` frees the unstored payment after it has stored it, but
we still need that instance for our notifications. This is the smallest
possible fix, but I plan to refactor this out.
This commit is contained in:
Christian Decker 2020-01-07 20:05:00 +01:00
parent b800904409
commit b9cf19175b
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lightningd/pay.c
View File

@ -606,8 +606,13 @@ void payment_failed(struct lightningd *ld, const struct htlc_out *hout,
failmsg,
fail ? fail->channel_dir : 0);
tell_waiters_failed(ld, &hout->payment_hash, payment,
pay_errcode, hout->failuremsg, fail, failmsg);
/* payment_store -> wallet_payment_store just freed `payment` from
* under us (useless indirection), so reload it in order to publish
* the notification. */
payment = wallet_payment_by_hash(tmpctx, ld->wallet,
&hout->payment_hash, hout->partid);
tell_waiters_failed(ld, &hout->payment_hash, payment, pay_errcode,
hout->failuremsg, fail, failmsg);
}
/* Wait for a payment. If cmd is deleted, then wait_payment()