[asterisk-bugs] [JIRA] (ASTERISK-27229) Crash due to duplicate free in ast_bridge_update_talker_src_video_mode
Richard Kenner (JIRA)
noreply at issues.asterisk.org
Tue Aug 29 15:05:08 CDT 2017
Richard Kenner created ASTERISK-27229:
-----------------------------------------
Summary: Crash due to duplicate free in ast_bridge_update_talker_src_video_mode
Key: ASTERISK-27229
URL: https://issues.asterisk.org/jira/browse/ASTERISK-27229
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Core/Bridging
Affects Versions: 14.6.0
Environment: CentOS 7
Reporter: Richard Kenner
Severity: Critical
I've had two Asterisk crashes today that seem to be caused by errors
where chan->tech_pvt is pointing to something that can't be deallocated
and I think I see a reference count bug in the above function.
It contains:
if (data->chan_old_vsrc) {
ast_channel_unref(data->chan_old_vsrc);
}
Shouldn't this also have:
data->chan_old_vsrc = NULL;
It seems to me that if it doesn't and the next condition also isn't
true, then the next time this same code is executed, it'll decrement
the reference count of the old channel again, which is wrong since it
hasn't been decremented.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list