[Asterisk-code-review] VECTOR: Passing parameters with side effects to macros is da... (asterisk[15])

Mon Jun 25 11:34:33 CDT 2018

George Joseph has submitted this change and it was merged. ( https://gerrit.asterisk.org/9274 )

Change subject: VECTOR: Passing parameters with side effects to macros is dangerous.
......................................................................

VECTOR: Passing parameters with side effects to macros is dangerous.

* Fix several instances where we were bumping a ref in the parameter and
then unrefing the object if it failed.  The way the AST_VECTOR_APPEND()
and AST_VECTOR_REPLACE() macros are implemented means if it fails the new
value was never evaluated.

Change-Id: I2847872a455b11ea7e5b7ce697c0a455a1d0ac9a
---
M bridges/bridge_softmix.c
M res/res_pjsip/pjsip_options.c
M res/res_pjsip_history.c
M res/res_pjsip_session.c
M res/stasis/messaging.c
5 files changed, 15 insertions(+), 7 deletions(-)

Approvals:
  George Joseph: Looks good to me, but someone else must approve; Approved for Submit
  Kevin Harwell: Looks good to me, approved

diff --git a/bridges/bridge_softmix.c b/bridges/bridge_softmix.c
index 46b27f1..249985a 100644
--- a/bridges/bridge_softmix.c
+++ b/bridges/bridge_softmix.c
@@ -2085,7 +2085,9 @@
 		}
 	}
 
-	if (AST_VECTOR_REPLACE(&softmix_data->remb_collectors, bridge_stream_position, ao2_bump(sc->remb_collector))) {
+	ao2_ref(sc->remb_collector, +1);
+	if (AST_VECTOR_REPLACE(&softmix_data->remb_collectors, bridge_stream_position,
+		sc->remb_collector)) {
 		ao2_ref(sc->remb_collector, -1);
 	}
 }
diff --git a/res/res_pjsip/pjsip_options.c b/res/res_pjsip/pjsip_options.c
index 134457d..8029167 100644
--- a/res/res_pjsip/pjsip_options.c
+++ b/res/res_pjsip/pjsip_options.c
@@ -1530,10 +1530,11 @@
 	ast_debug(3, "Adding endpoint compositor '%s' to AOR '%s'\n",
 		task_data->endpoint_state_compositor->name, task_data->aor_options->name);
 
+	ao2_ref(task_data->endpoint_state_compositor, +1);
 	if (AST_VECTOR_APPEND(&task_data->aor_options->compositors,
-		ao2_bump(task_data->endpoint_state_compositor))) {
+		task_data->endpoint_state_compositor)) {
 		/* Failed to add so no need to update the endpoint status.  Nothing changed. */
-		ao2_cleanup(task_data->endpoint_state_compositor);
+		ao2_ref(task_data->endpoint_state_compositor, -1);
 		return 0;
 	}
 
diff --git a/res/res_pjsip_history.c b/res/res_pjsip_history.c
index 37622e3..425ea16 100644
--- a/res/res_pjsip_history.c
+++ b/res/res_pjsip_history.c
@@ -1133,7 +1133,8 @@
 		} else if (!res) {
 			continue;
 		} else {
-			if (AST_VECTOR_APPEND(output, ao2_bump(entry))) {
+			ao2_bump(entry);
+			if (AST_VECTOR_APPEND(output, entry)) {
 				ao2_cleanup(entry);
 			}
 		}
diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c
index f8c1fcd..034d65e 100644
--- a/res/res_pjsip_session.c
+++ b/res/res_pjsip_session.c
@@ -251,7 +251,10 @@
 		struct ast_sip_session_media *session_media = AST_VECTOR_GET(&media_state->sessions, index);
 		enum ast_media_type type = ast_stream_get_type(ast_stream_topology_get_stream(cloned->topology, index));
 
-		AST_VECTOR_REPLACE(&cloned->sessions, index, ao2_bump(session_media));
+		ao2_bump(session_media);
+		if (AST_VECTOR_REPLACE(&cloned->sessions, index, session_media)) {
+			ao2_cleanup(session_media);
+		}
 		if (ast_stream_get_state(ast_stream_topology_get_stream(cloned->topology, index)) != AST_STREAM_STATE_REMOVED &&
 			!cloned->default_session[type]) {
 			cloned->default_session[type] = session_media;
diff --git a/res/stasis/messaging.c b/res/stasis/messaging.c
index 77a5874..a7716b8 100644
--- a/res/stasis/messaging.c
+++ b/res/stasis/messaging.c
@@ -457,8 +457,9 @@
 		ao2_link(endpoint_subscriptions, sub);
 	} else {
 		ast_rwlock_wrlock(&tech_subscriptions_lock);
-		if (AST_VECTOR_APPEND(&tech_subscriptions, ao2_bump(sub))) {
-			/* Release the ao2_bump that was for the vector and allocation references. */
+		ao2_ref(sub, +1);
+		if (AST_VECTOR_APPEND(&tech_subscriptions, sub)) {
+			/* Release the refs that were for the vector and the allocation. */
 			ao2_ref(sub, -2);
 			sub = NULL;
 		}

-- 
To view, visit https://gerrit.asterisk.org/9274
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 15
Gerrit-MessageType: merged
Gerrit-Change-Id: I2847872a455b11ea7e5b7ce697c0a455a1d0ac9a
Gerrit-Change-Number: 9274
Gerrit-PatchSet: 1
Gerrit-Owner: Richard Mudgett <rmudgett at digium.com>
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20180625/2dc88b33/attachment.html>
