[asterisk-bugs] [JIRA] (ASTERISK-27229) Crash due to duplicate free in ast_bridge_update_talker_src_video_mode
Asterisk Team (JIRA)
noreply at issues.asterisk.org
Tue Aug 29 15:05:09 CDT 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-27229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=238308#comment-238308 ]
Asterisk Team commented on ASTERISK-27229:
------------------------------------------
Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.
A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.
Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].
> Crash due to duplicate free in ast_bridge_update_talker_src_video_mode
> ----------------------------------------------------------------------
>
> Key: ASTERISK-27229
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-27229
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Core/Bridging
> Affects Versions: 14.6.0
> Environment: CentOS 7
> Reporter: Richard Kenner
> Severity: Critical
>
> I've had two Asterisk crashes today that seem to be caused by errors
> where chan->tech_pvt is pointing to something that can't be deallocated
> and I think I see a reference count bug in the above function.
> It contains:
>     if (data->chan_old_vsrc) {
>         ast_channel_unref(data->chan_old_vsrc);
>     }
> Shouldn't this also have:
>     data->chan_old_vsrc = NULL;
> It seems to me that if it doesn't and the next condition also isn't
> true, then the next time this same code is executed, it'll decrement
> the reference count of the old channel again, which is wrong since it
> hasn't been decremented.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
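
A simplified model of the reference-count imbalance described in the report, added here as an illustration and not taken from the Asterisk source. `struct obj`, `struct holder`, `take_new` and both `update_*` functions are hypothetical names, and the "next condition" is assumed to be a check for a new source.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy refcounted object standing in for a channel (not Asterisk's own API). */
struct obj { int refs; int over_release; };
struct holder { struct obj *old_src; };  /* models `data`; owns one reference */

static void obj_unref(struct obj *o) {
    if (o->refs == 0) { o->over_release++; return; }  /* would touch freed memory */
    o->refs--;  /* reaching 0 is where the destructor would run */
}

/* Assumed stand-in for "the next condition": taken only when a source exists. */
static void take_new(struct holder *h, struct obj *next) {
    if (next) { next->refs++; h->old_src = next; }
}

/* Pattern quoted in the report: the reference is dropped, the pointer stays. */
static void update_stale(struct holder *h, struct obj *next) {
    if (h->old_src) {
        obj_unref(h->old_src);
    }
    take_new(h, next);
}

/* Same logic with the reporter's proposed line added. */
static void update_cleared(struct holder *h, struct obj *next) {
    if (h->old_src) {
        obj_unref(h->old_src);
        h->old_src = NULL;
    }
    take_new(h, next);
}

/* Two updates with no new source, then the other owner's own release. */
static int over_releases(void (*update)(struct holder *, struct obj *)) {
    struct obj chan = { 2, 0 };  /* constructed: holder's ref + another owner's */
    struct holder h = { &chan };
    update(&h, NULL);
    update(&h, NULL);
    obj_unref(&chan);            /* the other owner's legitimate unref */
    return chan.over_release;
}

int main(void) {
    printf("stale=%d cleared=%d\n",
           over_releases(update_stale), over_releases(update_cleared));
    return 0;
}
```

In the stale variant the second update drops a reference the holder no longer owns, so the count reaches zero while another owner still holds the object, and that owner's later release lands on an already destroyed object.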