[asterisk-commits] mmichelson: branch 1.4 r114112 - in /branches/1.4/apps: app_dial.c app_queue.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Apr 14 11:24:23 CDT 2008


Author: mmichelson
Date: Mon Apr 14 11:24:22 2008
New Revision: 114112

URL: http://svn.digium.com/view/asterisk?view=rev&rev=114112
Log:
If the datastore has been moved to another channel due to a masquerade, then
freeing the datastore here causes an eventual double free when the new channel
hangs up. We should only free the datastore if we were able to successfully remove
it from the channel we are referencing (i.e. the datastore was not moved).

(closes issue #12359)
Reported by: pguido


Modified:
    branches/1.4/apps/app_dial.c
    branches/1.4/apps/app_queue.c

Modified: branches/1.4/apps/app_dial.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/apps/app_dial.c?view=diff&rev=114112&r1=114111&r2=114112
==============================================================================
--- branches/1.4/apps/app_dial.c (original)
+++ branches/1.4/apps/app_dial.c Mon Apr 14 11:24:22 2008
@@ -1320,8 +1320,14 @@
 	time(&start_time);
 	peer = wait_for_answer(chan, outgoing, &to, peerflags, &sentringing, status, sizeof(status), numbusy, numnochan, numcongestion, ast_test_flag(&opts, OPT_PRIORITY_JUMP), &result);
 
-	ast_channel_datastore_remove(chan, datastore);
-	ast_channel_datastore_free(datastore);
+	/* The ast_channel_datastore_remove() function could fail here if the
+	 * datastore was moved to another channel during a masquerade. If this is
+	 * the case, don't free the datastore here because later, when the channel
+	 * to which the datastore was moved hangs up, it will attempt to free this
+	 * datastore again, causing a crash
+	 */
+	if (!ast_channel_datastore_remove(chan, datastore))
+		ast_channel_datastore_free(datastore);
 	if (!peer) {
 		if (result) {
 			res = result;
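
Review bot: the check at "if (!ast_channel_datastore_remove(chan, datastore))" treats every nonzero return as "moved by a masquerade", so if the remove fails for any other reason the datastore is never freed here and nothing records it. Consider a debug log on the failure path, and set the local datastore pointer to NULL after this block so later code in this function cannot touch memory that now belongs to another channel. The comment would also be more precise if it said "double free", as the log message does, rather than "a crash".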

Modified: branches/1.4/apps/app_queue.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/apps/app_queue.c?view=diff&rev=114112&r1=114111&r2=114112
==============================================================================
--- branches/1.4/apps/app_queue.c (original)
+++ branches/1.4/apps/app_queue.c Mon Apr 14 11:24:22 2008
@@ -2753,8 +2753,13 @@
 	if (use_weight)
 		AST_LIST_UNLOCK(&queues);
 	lpeer = wait_for_answer(qe, outgoing, &to, &digit, numbusies, ast_test_flag(&(bridge_config.features_caller), AST_FEATURE_DISCONNECT), forwardsallowed);
-	if (datastore) {
-		ast_channel_datastore_remove(qe->chan, datastore);
+	/* The ast_channel_datastore_remove() function could fail here if the
+	 * datastore was moved to another channel during a masquerade. If this is
+	 * the case, don't free the datastore here because later, when the channel
+	 * to which the datastore was moved hangs up, it will attempt to free this
+	 * datastore again, causing a crash
+	 */
+	if (datastore && !ast_channel_datastore_remove(qe->chan, datastore)) {
 		ast_channel_datastore_free(datastore);
 	}
 	ast_mutex_lock(&qe->parent->lock);
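
Review bot: the condition "if (datastore && !ast_channel_datastore_remove(qe->chan, datastore))" keeps a NULL guard that the matching app_dial.c change in this commit does not have; if datastore can be NULL on both paths, the two call sites should agree. The six-line comment is also duplicated verbatim in both files, so a small shared helper that removes and then frees only on success would keep this ownership rule in one place.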



