[asterisk-commits] rmudgett: trunk r308904 - in /trunk: ./ main/channel.c

[SVN commits to the Asterisk project]

Author: rmudgett
Date: Thu Feb 24 15:43:32 2011
New Revision: 308904

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=308904
Log:
Merged revisions 308903 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/branches/1.8

........
  r308903 | rmudgett | 2011-02-24 15:38:41 -0600 (Thu, 24 Feb 2011) | 9 lines
  
  Invalid read in ast_channel_set_caller_event().
  
  Valgrind reported that ast_channel_set_caller_event() was reading data
  from a freed buffer when using the pre_set structure.
  
  Rearange things to pre-calculate the name and number pointer before
  updating the caller party structure to see if the name or number was
  changed.
........

Modified:
    trunk/   (props changed)
    trunk/main/channel.c

Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-1.8-merged' - no diff available.

Modified: trunk/main/channel.c
URL: http://svnview.digium.com/svn/asterisk/trunk/main/channel.c?view=diff&rev=308904&r1=308903&r2=308904
==============================================================================
--- trunk/main/channel.c (original)
+++ trunk/main/channel.c Thu Feb 24 15:43:32 2011
@@ -6799,7 +6799,8 @@
 
 void ast_channel_set_caller_event(struct ast_channel *chan, const struct ast_party_caller *caller, const struct ast_set_party_caller *update)
 {
-	struct ast_party_caller pre_set;
+	const char *pre_set_number;
+	const char *pre_set_name;
 
 	if (&chan->caller == caller) {
 		/* Don't set to self */
@@ -6807,12 +6808,14 @@
 	}
 
 	ast_channel_lock(chan);
-	pre_set = chan->caller;
+	pre_set_number =
+		S_COR(chan->caller.id.number.valid, chan->caller.id.number.str, NULL);
+	pre_set_name = S_COR(chan->caller.id.name.valid, chan->caller.id.name.str, NULL);
 	ast_party_caller_set(&chan->caller, caller, update);
-	if (S_COR(pre_set.id.number.valid, pre_set.id.number.str, NULL)
-			!= S_COR(chan->caller.id.number.valid, chan->caller.id.number.str, NULL)
-		|| S_COR(pre_set.id.name.valid, pre_set.id.name.str, NULL)
-			!= S_COR(chan->caller.id.name.valid, chan->caller.id.name.str, NULL)) {
+	if (S_COR(chan->caller.id.number.valid, chan->caller.id.number.str, NULL)
+			!= pre_set_number
+		|| S_COR(chan->caller.id.name.valid, chan->caller.id.name.str, NULL)
+			!= pre_set_name) {
 		/* The caller id name or number changed. */
 		report_new_callerid(chan);
 	}