[asterisk-bugs] [Asterisk 0019334]: ast_channel_set_caller_event reads from a free()'d pointer
Asterisk Bug Tracker
noreply at bugs.digium.com
Thu May 19 16:48:32 CDT 2011
The following issue has been DELETED.
======================================================================
Reported By: kobaz
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 19334
Category: Core/Channels
Reproducibility: always
Severity: minor
Priority: normal
Status: new
Asterisk Version: 1.8.4
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2011-05-19 16:45 CDT
Last Modified: 2011-05-19 16:45 CDT
======================================================================
Summary: ast_channel_set_caller_event reads from a free()'d
pointer
Description:
In ast_channel_set_caller_event in channel.c there is a check to see if the
callerid has changed. A copy of chan->caller is made and a deep char*
member inside is free()'d. The old pointer is used in a comparison and
results in a read of memory that has been freed.
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
2011-05-19 16:48 kobaz Issue Deleted: 0019334
======================================================================
More information about the asterisk-bugs
mailing list