[asterisk-commits] alecdavis: branch 1.6.2 r253492 - in /branches/1.6.2: ./ main/astobj2.c

Fri Mar 19 03:05:10 CDT 2010

Author: alecdavis
Date: Fri Mar 19 03:05:06 2010
New Revision: 253492

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=253492
Log:
Merged revisions 253490 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/trunk

........
  r253490 | alecdavis | 2010-03-19 20:37:00 +1300 (Fri, 19 Mar 2010) | 19 lines
  
  prevent segfault if bad magic number is encountered.
  
  internal_ao2_ref uses INTERNAL_OBJ which mzy report 'bad magic number', but
  internal_ao2_ref continues on, causing segfault.
  
  Although AO2_MAGIC number is checked by INTERNAL_OBJ before internal_ao2_ref is
  called, A02_MAGIC is being destroyed (or a wrong pointer) by the time
  internal_ao2_ref uses INTERNAL_OBJ.
  
  internal_ao2_ref now returns -1 if INTERNAL_OBJ encouters a bad magic number.
  
  (issue #17037)
  Reported by: alecdavis
  Patches:
        bug17037.diff.txt uploaded by alecdavis (license 585)
  Tested by: alecdavis
........

Modified:
    branches/1.6.2/   (props changed)
    branches/1.6.2/main/astobj2.c

Propchange: branches/1.6.2/
------------------------------------------------------------------------------
Binary property 'trunk-merged' - no diff available.

Modified: branches/1.6.2/main/astobj2.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.6.2/main/astobj2.c?view=diff&rev=253492&r1=253491&r2=253492
==============================================================================

--- branches/1.6.2/main/astobj2.c (original)
+++ branches/1.6.2/main/astobj2.c Fri Mar 19 03:05:06 2010
@@ -261,6 +261,9 @@
 	struct astobj2 *obj = INTERNAL_OBJ(user_data);
 	int current_value;
 	int ret;
+
+	if (obj == NULL)
+		return -1;
 
 	/* if delta is 0, just return the refcount */
 	if (delta == 0)
@@ -498,7 +501,7 @@
 	struct bucket_list *p;
 	struct astobj2 *obj = INTERNAL_OBJ(user_data);
 
-	if (!obj)
+	if (obj == NULL)
 		return NULL;
 
 	if (INTERNAL_OBJ(c) == NULL)


