[asterisk-commits] jpeeler: branch 1.4 r231911 - /branches/1.4/main/channel.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Tue Dec 1 15:29:39 CST 2009
Author: jpeeler
Date: Tue Dec 1 15:29:31 2009
New Revision: 231911
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=231911
Log:
Fix crash with invalid frame data
The crash was happening as a result of a frame containing an invalid data
pointer, but was set with data length of zero. The few times the issue was
reproduced it _seemed_ that the frame was queued properly, that is the data
pointer was set to NULL. I never could reproduce the crash so as a last resort
the crash has been fixed, but a check in __ast_read has been added to give as
much information about the source of problematic frames in the future.
(closes issue #16058)
Reported by: atis
Modified:
branches/1.4/main/channel.c
Modified: branches/1.4/main/channel.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.4/main/channel.c?view=diff&rev=231911&r1=231910&r2=231911
==============================================================================
--- branches/1.4/main/channel.c (original)
+++ branches/1.4/main/channel.c Tue Dec 1 15:29:31 2009
@@ -2513,6 +2513,17 @@
ast_frame_dump(chan->name, f, "<<");
chan->fin = FRAMECOUNT_INC(chan->fin);
+ if (f && f->datalen == 0 && f->data) {
+ /* fix invalid pointer */
+ f->data = NULL;
+#ifdef AST_DEVMODE
+ ast_log(LOG_ERROR, "Found frame with src '%s' with datalen zero, but non-null data pointer!\n", f->src);
+ ast_frame_dump(chan->name, f, "<<");
+#else
+ ast_debug(3, "Found frame with src '%s' on channel '%s' with datalen zero, but non-null data pointer!\n", f->src, chan->name);
+#endif
+ }
+
done:
ast_channel_unlock(chan);
return f;
More information about the asterisk-commits
mailing list