[asterisk-commits] seanbright: branch 1.6.2 r323579 - in /branches/1.6.2: ./ main/manager.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Jun 15 10:22:56 CDT 2011 

Author: seanbright
Date: Wed Jun 15 10:22:50 2011
New Revision: 323579

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=323579
Log:
Merged revisions 323559 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
  r323559 | seanbright | 2011-06-15 11:15:30 -0400 (Wed, 15 Jun 2011) | 25 lines
  
  Resolve a segfault/bus error when we try to map memory that falls on a page
  boundary.
  
  The fix for ASTERISK-15359 was incorrect in that it added 1 to the length of the
  mmap'd region.  The problem with this is that reading/writing to that extra byte
  outside of the bounds of the underlying fd causes a bus error.
  
  The real issue is that we are working with both a FILE * and the raw fd
  underneath it and not synchronizing between them.  The code that was removed in
  ASTERISK-15359 was correct, but we weren't flushing the FILE * before mapping
  the fd.
  
  Looking at the manager code in 1.4 reveals that the FILE * in 'struct
  mansession' is never used except to create a temporary file that we immediately
  fdopen.  This means we just need to write a 0 byte to the fd and everything will
  just work.  The other branches require a call to fflush() which, while not a
  guaranteed fix, should reduce the likelihood of a crash.
  
  This all makes sense in my head.
  
  (closes issue ASTERISK-16460)
  Reported by: Ravelomanantsoa Hoby (hoby)
  Patches:
  		issue17747_1.4_svn_markII.patch uploaded by Sean Bright (license #5060)
........

Modified:
    branches/1.6.2/   (props changed)
    branches/1.6.2/main/manager.c

Propchange: branches/1.6.2/
------------------------------------------------------------------------------
Binary property 'branch-1.4-merged' - no diff available.

Modified: branches/1.6.2/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.6.2/main/manager.c?view=diff&rev=323579&r1=323578&r2=323579
==============================================================================
--- branches/1.6.2/main/manager.c (original)
+++ branches/1.6.2/main/manager.c Wed Jun 15 10:22:50 2011
@@ -4051,8 +4051,12 @@
 		char *buf;
 		size_t l;
 
+		/* Ensure buffer is NULL-terminated */
+		fprintf(s.f, "%c", 0);
+		fflush(s.f);
+
 		if ((l = ftell(s.f))) {
-			if (MAP_FAILED == (buf = mmap(NULL, l + 1, PROT_READ | PROT_WRITE, MAP_PRIVATE, s.fd, 0))) {
+			if (MAP_FAILED == (buf = mmap(NULL, l, PROT_READ | PROT_WRITE, MAP_PRIVATE, s.fd, 0))) {
 				ast_log(LOG_WARNING, "mmap failed.  Manager output was not processed\n");
 			} else {
 				buf[l] = '\0';
@@ -4061,13 +4065,14 @@
 				} else {
 					ast_str_append(&out, 0, "%s", buf);
 				}
-				munmap(buf, l + 1);
+				munmap(buf, l);
 			}
 		} else if (format == FORMAT_XML || format == FORMAT_HTML) {
 			xml_translate(&out, "", params, format);
 		}
 		fclose(s.f);
 		s.f = NULL;
+		close(s.fd);
 		s.fd = -1;
 	}

More information about the asterisk-commits mailing list