[Asterisk-code-review] astobj2.c: Fix core when ref_log enabled (asterisk[master])

Joshua Colp asteriskteam at digium.com
Fri Nov 19 09:54:10 CST 2021 

Joshua Colp has submitted this change. ( https://gerrit.asterisk.org/c/asterisk/+/17552 )

Change subject: astobj2.c: Fix core when ref_log enabled
......................................................................

astobj2.c: Fix core when ref_log enabled

In the AO2_ALLOC_OPT_LOCK_NOLOCK case the referenced obj
structure is freed, but is then referenced later if ref_log is
enabled. The change is to store the obj->priv_data.options value
locally and reference it instead of the value from the freed obj

ASTERISK-29730

Change-Id: I60cc5dc1f5a4330e7ad56976fc38a42de0ab6072
---
M main/astobj2.c
1 file changed, 4 insertions(+), 1 deletion(-)

Approvals:
  George Joseph: Looks good to me, approved
  Joshua Colp: Approved for Submit



diff --git a/main/astobj2.c b/main/astobj2.c
index ab8fb8b..b75c4d3 100644
--- a/main/astobj2.c
+++ b/main/astobj2.c
@@ -504,6 +504,7 @@
 	struct astobj2_lockobj *obj_lockobj;
 	int32_t current_value;
 	int32_t ret;
+	uint32_t privdataoptions;
 	struct ao2_weakproxy *weakproxy = NULL;
 	const char *lock_state;
 
@@ -621,6 +622,8 @@
 
 	/* In case someone uses an object after it's been freed */
 	obj->priv_data.magic = 0;
+	/* Save the options locally so the ref_log print at the end doesn't access freed data */
+	privdataoptions = obj->priv_data.options;
 
 	switch (obj->priv_data.options & AO2_ALLOC_OPT_LOCK_MASK) {
 	case AO2_ALLOC_OPT_LOCK_MUTEX:
@@ -655,7 +658,7 @@
 		break;
 	}
 
-	if (ref_log && !(obj->priv_data.options & AO2_ALLOC_OPT_NO_REF_DEBUG)) {
+	if (ref_log && !(privdataoptions & AO2_ALLOC_OPT_NO_REF_DEBUG)) {
 		fprintf(ref_log, "%p,%d,%d,%s,%d,%s,**destructor**lock-state:%s**,%s\n",
 			user_data, delta, ast_get_tid(), file, line, func, lock_state, tag ?: "");
 		fflush(ref_log);

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/17552
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: I60cc5dc1f5a4330e7ad56976fc38a42de0ab6072
Gerrit-Change-Number: 17552
Gerrit-PatchSet: 2
Gerrit-Owner: Michael Bradeen <mbradeen at sangoma.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Joshua Colp <jcolp at sangoma.com>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20211119/7784b6ff/attachment.html>

More information about the asterisk-code-review mailing list