[asterisk-bugs] [Asterisk 0013096]: [patch] avoid a leak in an error handling path

noreply at bugs.digium.com noreply at bugs.digium.com
Thu Jul 17 09:11:52 CDT 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=13096 
====================================================================== 
Reported By:                gknispel_proformatique
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   13096
Category:                   Resources/res_config_sqlite
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     feedback
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 131605 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             07-17-2008 07:15 CDT
Last Modified:              07-17-2008 09:11 CDT
====================================================================== 
Summary:                    [patch] avoid a leak in an error handling path
Description: 
In realtime_multi_handler(), query is not correctly freed if the ORDER BY
sqlite_mprintf() fails.
====================================================================== 

---------------------------------------------------------------------- 
 gknispel_proformatique - 07-17-08 09:11  
---------------------------------------------------------------------- 
The last previous allocation of query is done either on line 1059 or on
line 1073 (in tmp_str, then the pointer is copied to query on line 1085).

On line 1092 tmp_str is allocated. query is used, but neither allocated
nor freed.
Therefore if allocation on line 1092 fails, tmp_str will contain NULL but
query will be left allocated because it is not freed before the return
NULL;

realtime_multi_handler_avoid_leak_on_error.patch applies the same
principle as what appears between lines 1073 to 1085.

BTW this bug was not present in the file we sent you initially
http://bugs.digium.com/file_download.php?file_id=11311&type=bug 

And rereading our initial code and what is now in Asterisk trunk, you can
apply the same fix to realtime_update_handler(), realtime_destroy_handler()
and there are similar errors at least in realtime_store_handler().

Indeed I agree that the code is a little hard to follow. I might partially
rewrite it one day. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
07-17-08 09:11  gknispel_proformatique  Note Added: 0090385
  
======================================================================
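
Added example (not part of the original report and not Asterisk code): the leak pattern described in the note and its fix, reduced to a stand-alone C program. x_mprintf() and x_free() are hypothetical stand-ins for sqlite_mprintf() and sqlite_freemem(), and the table and column names are constructed.

```c
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical stand-ins for sqlite_mprintf()/sqlite_freemem() with a forced failure. */
static char slots[4][128];
static int next_slot, live, calls, fail_at;   /* fail_at: call number that fails */

static char *x_mprintf(const char *fmt, ...)
{
    va_list ap;
    if (++calls == fail_at || next_slot == 4)
        return NULL;                          /* simulated allocation failure */
    va_start(ap, fmt);
    vsnprintf(slots[next_slot], sizeof(slots[0]), fmt, ap);
    va_end(ap);
    live++;
    return slots[next_slot++];
}

static void x_free(char *p) { if (p) live--; }

/* Two-step query build as in the report; free_on_error = 0 keeps the leak. */
static char *build_query(const char *table, const char *col, int free_on_error)
{
    char *query, *tmp_str;
    if (!(query = x_mprintf("SELECT * FROM '%s'", table)))
        return NULL;
    if (!(tmp_str = x_mprintf("%s ORDER BY %s;", query, col))) {
        if (free_on_error)
            x_free(query);                    /* the fix: release the earlier buffer */
        return NULL;                          /* otherwise query stays allocated */
    }
    x_free(query);                            /* success: tmp_str replaces query */
    return tmp_str;
}

/* Unfreed buffers once the caller is done; fail_call = 2 fails the ORDER BY step. */
static int leaked_buffers(int fail_call, int free_on_error)
{
    next_slot = live = calls = 0;
    fail_at = fail_call;
    x_free(build_query("sip_users", "name", free_on_error));
    return live;
}

int main(void)
{
    printf("before fix: %d, after fix: %d\n", leaked_buffers(2, 0), leaked_buffers(2, 1));
    return 0;
}
```

Forcing each allocation in turn to fail and checking the count of unfreed buffers is a simple way to test every error path of a function built from chained allocations.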



