[asterisk-commits] mmichelson: trunk r114113 - in /trunk: ./ apps/app_dial.c apps/app_queue.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Mon Apr 14 11:25:09 CDT 2008
Author: mmichelson
Date: Mon Apr 14 11:25:09 2008
New Revision: 114113
URL: http://svn.digium.com/view/asterisk?view=rev&rev=114113
Log:
Merged revisions 114112 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r114112 | mmichelson | 2008-04-14 11:24:22 -0500 (Mon, 14 Apr 2008) | 9 lines
If the datastore has been moved to another channel due to a masquerade, then
freeing the datastore here causes an eventual double free when the new channel
hangs up. We should only free the datastore if we were able to successfully remove
it from the channel we are referencing (i.e. the datastore was not moved).
(closes issue #12359)
Reported by: pguido
........
Modified:
trunk/ (props changed)
trunk/apps/app_dial.c
trunk/apps/app_queue.c
Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-1.4-merged' - no diff available.
Modified: trunk/apps/app_dial.c
URL: http://svn.digium.com/view/asterisk/trunk/apps/app_dial.c?view=diff&rev=114113&r1=114112&r2=114113
==============================================================================
--- trunk/apps/app_dial.c (original)
+++ trunk/apps/app_dial.c Mon Apr 14 11:25:09 2008
@@ -1600,8 +1600,14 @@
time(&start_time);
peer = wait_for_answer(chan, outgoing, &to, peerflags, &pa, &num, &result);
- ast_channel_datastore_remove(chan, datastore);
- ast_channel_datastore_free(datastore);
+ /* The ast_channel_datastore_remove() function could fail here if the
+ * datastore was moved to another channel during a masquerade. If this is
+ * the case, don't free the datastore here because later, when the channel
+ * to which the datastore was moved hangs up, it will attempt to free this
+ * datastore again, causing a crash
+ */
+ if (!ast_channel_datastore_remove(chan, datastore))
+ ast_channel_datastore_free(datastore);
if (!peer) {
if (result) {
res = result;
Modified: trunk/apps/app_queue.c
URL: http://svn.digium.com/view/asterisk/trunk/apps/app_queue.c?view=diff&rev=114113&r1=114112&r2=114113
==============================================================================
--- trunk/apps/app_queue.c (original)
+++ trunk/apps/app_queue.c Mon Apr 14 11:25:09 2008
@@ -3252,8 +3252,13 @@
if (use_weight)
ao2_unlock(queues);
lpeer = wait_for_answer(qe, outgoing, &to, &digit, numbusies, ast_test_flag(&(bridge_config.features_caller), AST_FEATURE_DISCONNECT), forwardsallowed);
- if (datastore) {
- ast_channel_datastore_remove(qe->chan, datastore);
+ /* The ast_channel_datastore_remove() function could fail here if the
+ * datastore was moved to another channel during a masquerade. If this is
+ * the case, don't free the datastore here because later, when the channel
+ * to which the datastore was moved hangs up, it will attempt to free this
+ * datastore again, causing a crash
+ */
+ if (datastore && !ast_channel_datastore_remove(qe->chan, datastore)) {
ast_channel_datastore_free(datastore);
}
ao2_lock(qe->parent);
More information about the asterisk-commits
mailing list