[asterisk-bugs] [Asterisk 0018343]: [patch] [regression] meetme conf_run leaks refs

Asterisk Bug Tracker noreply at bugs.digium.com
Mon Dec 6 14:09:23 CST 2010


The following issue is now READY FOR REVIEW. 
====================================================================== 
https://issues.asterisk.org/view.php?id=18343 
====================================================================== 
Reported By:                kobaz
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   18343
Category:                   Applications/app_meetme
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     ready for review
Asterisk Version:           SVN 
JIRA:                        
Regression:                 Yes 
Reviewboard Link:           https://reviewboard.asterisk.org/r/1025/ 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 295784 
Request Review:              
====================================================================== 
Date Submitted:             2010-11-20 22:23 CST
Last Modified:              2010-12-06 14:09 CST
====================================================================== 
Summary:                    [patch] [regression] meetme conf_run leaks refs
Description: 
Affects 1.8
Affects trunk

There are two conditions (original lines 2626, 3675) where in the unlikely
event of an ao2 alloc failing, we bail from conf_run and never do any
cleanup.  This leaks a ref to an ast_conf_user.

Also there's a problem with a misuse of the user* pointer while in the *8
submenu (original line 3209), we lose the original *user pointer which will
prevent proper cleanup on leave.

And lastly, this part at the bottom looks like it will never run.  It
looks like if we get to this point, user->user_no will always have been
properly initialized... and why would we want to decrement the ref count
only if user_no is invalid?  We should always clean up at the end of this
function.

3699		if (!user->user_no) {
3700			ao2_ref(user, -1);

So far, I think that everything in the else block of the above if could be
always done on cleanup.
====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-12-06 14:09 lmadsen        Status                   new => ready for review
======================================================================
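
The early-return leak described in the report, as an added example that is not part of the original message or the Asterisk source: a toy reference counter stands in for astobj2, and every name in it (`user_alloc`, `user_ref`, `run_leaky`, `run_fixed`, `leaked_after`) is hypothetical. It models only the first issue (bailing out on a failed allocation without cleanup) and shows the single-exit cleanup shape the reporter argues for.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy reference-counted object: a stand-in for an ao2 object, not astobj2. */
struct user { int refs; int user_no; };
static int live_refs;            /* references currently outstanding */

static struct user *user_alloc(void) {
    struct user *u = calloc(1, sizeof(*u));
    if (u) { u->refs = 1; live_refs++; }
    return u;
}

static void user_ref(struct user *u, int delta) {
    u->refs += delta;
    live_refs += delta;
    if (u->refs == 0) free(u);
}

/* Leaky shape: a later failure returns directly, so the ref is never dropped. */
static int run_leaky(int later_alloc_fails) {
    struct user *user = user_alloc();
    if (!user) return -1;
    if (later_alloc_fails) return -1;   /* bail without cleanup: ref leaked */
    user->user_no = 1;
    user_ref(user, -1);
    return 0;
}

/* Fixed shape: every exit after the allocation passes through one label,
 * and the release is unconditional (no check on user_no). */
static int run_fixed(int later_alloc_fails) {
    int ret = -1;
    struct user *user = user_alloc();
    if (!user) return -1;               /* nothing held yet, plain return is fine */
    if (later_alloc_fails) goto outrun;
    user->user_no = 1;
    ret = 0;
outrun:
    user_ref(user, -1);
    return ret;
}

/* Number of references a call leaves behind (0 means no leak). */
static int leaked_after(int (*fn)(int), int later_alloc_fails) {
    int before = live_refs;
    fn(later_alloc_fails);
    return live_refs - before;
}

int main(void) {
    printf("leaky: %d  fixed: %d\n",
           leaked_after(run_leaky, 1), leaked_after(run_fixed, 1));
    return 0;
}
```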



