[Asterisk-code-review] astobj2.c: Fix core when ref_log enabled (asterisk[master])

Michael Bradeen asteriskteam at digium.com
Thu Nov 18 12:09:40 CST 2021


Michael Bradeen has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/17552 )


Change subject: astobj2.c: Fix core when ref_log enabled
......................................................................

astobj2.c: Fix core when ref_log enabled

In the AO2_ALLOC_OPT_LOCK_NOLOCK case the referenced obj
structure is freed, but is then referenced later if ref_log is
enabled. The change is to store the obj->priv_data.options value
locally and reference it instead of the value from the freed obj.

ASTERISK-29730

Change-Id: I60cc5dc1f5a4330e7ad56976fc38a42de0ab6072
---
M main/astobj2.c
1 file changed, 4 insertions(+), 1 deletion(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/52/17552/1

diff --git a/main/astobj2.c b/main/astobj2.c
index ab8fb8b..b75c4d3 100644
--- a/main/astobj2.c
+++ b/main/astobj2.c
@@ -504,6 +504,7 @@
 	struct astobj2_lockobj *obj_lockobj;
 	int32_t current_value;
 	int32_t ret;
+	uint32_t privdataoptions;
 	struct ao2_weakproxy *weakproxy = NULL;
 	const char *lock_state;
 
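Review bot: the new local `privdataoptions` in the declaration block runs three words together, while the neighbouring locals (`current_value`, `lock_state`, `obj_lockobj`) separate words with underscores; a name such as `priv_options` or `saved_options` would match them. It is also declared without an initializer, so please confirm that no path can reach the ref_log check at the end of the function without first passing the assignment added in the second hunk.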
@@ -621,6 +622,8 @@
 
 	/* In case someone uses an object after it's been freed */
 	obj->priv_data.magic = 0;
+	/* Save the options locally so the ref_log print at the end doesn't access freed data */
+	privdataoptions = obj->priv_data.options;
 
 	switch (obj->priv_data.options & AO2_ALLOC_OPT_LOCK_MASK) {
 	case AO2_ALLOC_OPT_LOCK_MUTEX:
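Review bot: the `switch` immediately after the new assignment still reads `obj->priv_data.options`. That read happens before any case body runs, so it is safe, but switching on `privdataoptions & AO2_ALLOC_OPT_LOCK_MASK` would leave a single read of the field and make it obvious that nothing from this point on depends on `obj`. A blank line between `obj->priv_data.magic = 0;` and the new comment would also keep the existing "In case someone uses an object after it's been freed" comment attached only to the magic reset.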
@@ -655,7 +658,7 @@
 		break;
 	}
 
-	if (ref_log && !(obj->priv_data.options & AO2_ALLOC_OPT_NO_REF_DEBUG)) {
+	if (ref_log && !(privdataoptions & AO2_ALLOC_OPT_NO_REF_DEBUG)) {
 		fprintf(ref_log, "%p,%d,%d,%s,%d,%s,**destructor**lock-state:%s**,%s\n",
 			user_data, delta, ast_get_tid(), file, line, func, lock_state, tag ?: "");
 		fflush(ref_log);
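Review bot: at the changed `if`, the reason `obj` must not be dereferenced is documented only at the assignment earlier in the function. A one-line comment here saying that `obj` may already have been freed would guard against a later edit reintroducing `obj->...` in this block. Please also confirm that the remaining `fprintf` arguments, `lock_state` and `tag` in particular, never point into the freed allocation.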

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/17552
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: I60cc5dc1f5a4330e7ad56976fc38a42de0ab6072
Gerrit-Change-Number: 17552
Gerrit-PatchSet: 1
Gerrit-Owner: Michael Bradeen <mbradeen at sangoma.com>
Gerrit-MessageType: newchange