[asterisk-commits] coreyfarrell: branch 1.8 r427380 - in /branches/1.8: include/asterisk/ main/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu Nov 6 03:05:34 CST 2014 

Author: coreyfarrell
Date: Thu Nov  6 03:05:18 2014
New Revision: 427380

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=427380
Log:
Fix unintential memory retention in stringfields.

* Fix missing / unreachable calls to __ast_string_field_release_active.
* Reset pool->used to zero when the current pool->active reaches zero.

ASTERISK-24307 #close
Reported by: Etienne Lessard
Tested by: ibercom, Etienne Lessard
Review: https://reviewboard.asterisk.org/r/4114/

Modified:
    branches/1.8/include/asterisk/stringfields.h
    branches/1.8/main/utils.c

Modified: branches/1.8/include/asterisk/stringfields.h
URL: http://svnview.digium.com/svn/asterisk/branches/1.8/include/asterisk/stringfields.h?view=diff&rev=427380&r1=427379&r2=427380
==============================================================================
--- branches/1.8/include/asterisk/stringfields.h (original)
+++ branches/1.8/include/asterisk/stringfields.h Thu Nov  6 03:05:18 2014
@@ -319,14 +319,16 @@
 	const char *__d__ = (data);											\
 	size_t __dlen__ = (__d__) ? strlen(__d__) + 1 : 1;								\
 	ast_string_field *__p__ = (ast_string_field *) (ptr);								\
+	ast_string_field target = *__p__;										\
 	if (__dlen__ == 1) {												\
 		__ast_string_field_release_active((x)->__field_mgr_pool, *__p__);					\
 		*__p__ = __ast_string_field_empty;									\
 	} else if ((__dlen__ <= AST_STRING_FIELD_ALLOCATION(*__p__)) ||							\
 		   (!__ast_string_field_ptr_grow(&(x)->__field_mgr, &(x)->__field_mgr_pool, __dlen__, __p__)) ||	\
-		   (*__p__ = __ast_string_field_alloc_space(&(x)->__field_mgr, &(x)->__field_mgr_pool, __dlen__))) {	\
-		if (*__p__ != (*ptr)) {											\
-			__ast_string_field_release_active((x)->__field_mgr_pool, (*ptr));				\
+		   (target = __ast_string_field_alloc_space(&(x)->__field_mgr, &(x)->__field_mgr_pool, __dlen__))) {	\
+		if (target != *__p__) {											\
+			__ast_string_field_release_active((x)->__field_mgr_pool, *__p__);				\
+			*__p__ = target;										\
 		}													\
 		memcpy(* (void **) __p__, __d__, __dlen__);								\
 	}														\

Modified: branches/1.8/main/utils.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.8/main/utils.c?view=diff&rev=427380&r1=427379&r2=427380
==============================================================================
--- branches/1.8/main/utils.c (original)
+++ branches/1.8/main/utils.c Thu Nov  6 03:05:18 2014
@@ -1919,9 +1919,13 @@
 	for (pool = pool_head, prev = NULL; pool; prev = pool, pool = pool->prev) {
 		if ((ptr >= pool->base) && (ptr <= (pool->base + pool->size))) {
 			pool->active -= AST_STRING_FIELD_ALLOCATION(ptr);
-			if ((pool->active == 0) && prev) {
-				prev->prev = pool->prev;
-				ast_free(pool);
+			if (pool->active == 0) {
+				if (prev) {
+					prev->prev = pool->prev;
+					ast_free(pool);
+				} else {
+					pool->used = 0;
+				}
 			}
 			break;
 		}
@@ -1964,6 +1968,11 @@
 	res = vsnprintf(target, available, format, ap1);
 	if (res < 0) {
 		/* Are we out of memory? */
+		return;
+	}
+	if (res == 0) {
+		__ast_string_field_release_active(*pool_head, *ptr);
+		*ptr = __ast_string_field_empty;
 		return;
 	}
 	needed = (size_t)res + 1; /* NUL byte */

More information about the asterisk-commits mailing list