[asterisk-commits] rmudgett: branch 1.8 r308903 - /branches/1.8/main/channel.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu Feb 24 15:38:45 CST 2011 

Author: rmudgett
Date: Thu Feb 24 15:38:41 2011
New Revision: 308903

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=308903
Log:
Invalid read in ast_channel_set_caller_event().

Valgrind reported that ast_channel_set_caller_event() was reading data
from a freed buffer when using the pre_set structure.

Rearange things to pre-calculate the name and number pointer before
updating the caller party structure to see if the name or number was
changed.

Modified:
    branches/1.8/main/channel.c

Modified: branches/1.8/main/channel.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.8/main/channel.c?view=diff&rev=308903&r1=308902&r2=308903
==============================================================================
--- branches/1.8/main/channel.c (original)
+++ branches/1.8/main/channel.c Thu Feb 24 15:38:41 2011
@@ -6641,7 +6641,8 @@
 
 void ast_channel_set_caller_event(struct ast_channel *chan, const struct ast_party_caller *caller, const struct ast_set_party_caller *update)
 {
-	struct ast_party_caller pre_set;
+	const char *pre_set_number;
+	const char *pre_set_name;
 
 	if (&chan->caller == caller) {
 		/* Don't set to self */
@@ -6649,12 +6650,14 @@
 	}
 
 	ast_channel_lock(chan);
-	pre_set = chan->caller;
+	pre_set_number =
+		S_COR(chan->caller.id.number.valid, chan->caller.id.number.str, NULL);
+	pre_set_name = S_COR(chan->caller.id.name.valid, chan->caller.id.name.str, NULL);
 	ast_party_caller_set(&chan->caller, caller, update);
-	if (S_COR(pre_set.id.number.valid, pre_set.id.number.str, NULL)
-			!= S_COR(chan->caller.id.number.valid, chan->caller.id.number.str, NULL)
-		|| S_COR(pre_set.id.name.valid, pre_set.id.name.str, NULL)
-			!= S_COR(chan->caller.id.name.valid, chan->caller.id.name.str, NULL)) {
+	if (S_COR(chan->caller.id.number.valid, chan->caller.id.number.str, NULL)
+			!= pre_set_number
+		|| S_COR(chan->caller.id.name.valid, chan->caller.id.name.str, NULL)
+			!= pre_set_name) {
 		/* The caller id name or number changed. */
 		report_new_callerid(chan);
 	}

More information about the asterisk-commits mailing list