[Asterisk-code-review] res pjsip session: Fix multiple leaks. (asterisk[master])

Joshua Colp asteriskteam at digium.com
Thu Nov 9 03:43:59 CST 2017


Joshua Colp has submitted this change and it was merged. ( https://gerrit.asterisk.org/7084 )

Change subject: res_pjsip_session: Fix multiple leaks.
......................................................................

res_pjsip_session: Fix multiple leaks.

* Pre-initialize cloned media state vectors to final size to ensure
  vector errors cannot happen later in the clone initialization.
* Release session_media on vector replace failure in
  ast_sip_session_media_state_add.
* Release clone and media_state in ast_sip_session_refresh if we fail to
  append to the stream topology, and return an error.

Change-Id: Ib5ffc9b198683fa7e9bf166d74d30c1334c23acb
---
M res/res_pjsip_session.c
1 file changed, 23 insertions(+), 6 deletions(-)

Approvals:
  Richard Mudgett: Looks good to me, but someone else must approve
  Joshua Colp: Looks good to me, approved; Approved for Submit



diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c
index 4724d46..dda0421 100644
--- a/res/res_pjsip_session.c
+++ b/res/res_pjsip_session.c
@@ -174,7 +174,8 @@
 	ao2_callback_data(sdp_handlers, OBJ_KEY | OBJ_UNLINK | OBJ_NODATA, remove_handler, (void *)stream_type, handler);
 }
 
-struct ast_sip_session_media_state *ast_sip_session_media_state_alloc(void)
+static struct ast_sip_session_media_state *internal_sip_session_media_state_alloc(
+	size_t sessions, size_t read_callbacks)
 {
 	struct ast_sip_session_media_state *media_state;
 
@@ -183,18 +184,24 @@
 		return NULL;
 	}
 
-	if (AST_VECTOR_INIT(&media_state->sessions, DEFAULT_NUM_SESSION_MEDIA) < 0) {
+	if (AST_VECTOR_INIT(&media_state->sessions, sessions) < 0) {
 		ast_free(media_state);
 		return NULL;
 	}
 
-	if (AST_VECTOR_INIT(&media_state->read_callbacks, DEFAULT_NUM_SESSION_MEDIA) < 0) {
+	if (AST_VECTOR_INIT(&media_state->read_callbacks, read_callbacks) < 0) {
 		AST_VECTOR_FREE(&media_state->sessions);
 		ast_free(media_state);
 		return NULL;
 	}
 
 	return media_state;
+}
+
+struct ast_sip_session_media_state *ast_sip_session_media_state_alloc(void)
+{
+	return internal_sip_session_media_state_alloc(
+		DEFAULT_NUM_SESSION_MEDIA, DEFAULT_NUM_SESSION_MEDIA);
 }
 
 void ast_sip_session_media_state_reset(struct ast_sip_session_media_state *media_state)
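Review bot: The new static helper internal_sip_session_media_state_alloc has no comment explaining its two size arguments, which are easy to misread as element counts rather than the initial capacities handed to AST_VECTOR_INIT. A short header would settle it, e.g. `/* sessions and read_callbacks are the initial capacities of the two vectors; both vectors start empty */`. The helper's signature and the media_state allocation are in the preceding hunk, so only the two AST_VECTOR_INIT calls and the public wrapper are visible here.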
@@ -225,7 +232,9 @@
 		return NULL;
 	}
 
-	cloned = ast_sip_session_media_state_alloc();
+	cloned = internal_sip_session_media_state_alloc(
+		AST_VECTOR_SIZE(&media_state->sessions),
+		AST_VECTOR_SIZE(&media_state->read_callbacks));
 	if (!cloned) {
 		return NULL;
 	}
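Review bot: The pre-sizing in the clone path relies on an invariant that is not written down. The rest of the clone is outside this hunk and presumably fills both vectors without checking for failure, which is only safe because the capacities come from the source's AST_VECTOR_SIZE. A comment above the call, such as `/* Pre-size to the source's element counts so the copies below never need to grow the vectors */`, would keep a later edit from reintroducing a leak on a partially built clone.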
@@ -452,7 +461,11 @@
 		}
 	}
 
-	AST_VECTOR_REPLACE(&media_state->sessions, position, session_media);
+	if (AST_VECTOR_REPLACE(&media_state->sessions, position, session_media)) {
+		ao2_ref(session_media, -1);
+
+		return NULL;
+	}
 
 	/* If this stream will be active in some way and it is the first of this type then consider this the default media session to match */
 	if (!media_state->default_session[type] && ast_stream_get_state(ast_stream_topology_get_stream(media_state->topology, position)) != AST_STREAM_STATE_REMOVED) {
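Review bot: The new check `if (AST_VECTOR_REPLACE(...))` tests for any non-zero value, while the other failure checks in this patch compare explicitly (`AST_VECTOR_INIT(...) < 0`, `ast_stream_topology_append_stream(...) < 0`). Writing it as `if (AST_VECTOR_REPLACE(&media_state->sessions, position, session_media) != 0) {` would make the error test read the same way throughout the file. This path returns NULL, so callers that use the result need to handle NULL; whether they already do is not visible here, because the function starts and ends outside the hunk.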
@@ -1588,7 +1601,11 @@
 					}
 
 					ast_stream_set_state(cloned, AST_STREAM_STATE_REMOVED);
-					ast_stream_topology_append_stream(media_state->topology, cloned);
+					if (ast_stream_topology_append_stream(media_state->topology, cloned) < 0) {
+						ast_stream_free(cloned);
+						ast_sip_session_media_state_free(media_state);
+						return -1;
+					}
 				}
 
 				/* If the resulting media state matches the existing active state don't bother doing a session refresh */
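Review bot: The new error path frees media_state and returns -1, which is only correct if this function owns media_state at that point and the caller does not free it again after a failed return. Neither the signature nor the call sites are in this hunk, so that cannot be confirmed from here. A one-line comment would document the contract, e.g. `/* media_state is consumed by this function, so free it on every error return */`. It may also be worth logging the failure, since the refresh otherwise appears to be dropped without a diagnostic.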

-- 
To view, visit https://gerrit.asterisk.org/7084
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: Ib5ffc9b198683fa7e9bf166d74d30c1334c23acb
Gerrit-Change-Number: 7084
Gerrit-PatchSet: 3
Gerrit-Owner: Corey Farrell <git at cfware.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>