[asterisk-commits] bridge.c: NULL app causes crash during attended transfer (asterisk[certified/13.1])

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu May 7 15:22:24 CDT 2015 

Joshua Colp has submitted this change and it was merged.

Change subject: bridge.c: NULL app causes crash during attended transfer
......................................................................


bridge.c: NULL app causes crash during attended transfer

Due to a race condition there was a chance that during an attended transfer the
channel's application would return NULL. This, of course, would cause a crash
when attempting to access the memory. This patch retrieves the channel's app
at an earlier time in processing in hopes that the app name is available.
However, if it is not then "unknown" is used instead. Since some string value
is now always present the crash can no longer occur.

ASTERISK-24869 #close
Reported by: viniciusfontes
Review:

Change-Id: I5134b84c4524906d8148817719d76ffb306488ac
---
M main/bridge.c
1 file changed, 6 insertions(+), 1 deletion(-)

Approvals:
  Richard Mudgett: Looks good to me, but someone else must approve
  Joshua Colp: Looks good to me, approved; Verified



diff --git a/main/bridge.c b/main/bridge.c
index be4088a..00ea602 100644
--- a/main/bridge.c
+++ b/main/bridge.c
@@ -4486,6 +4486,12 @@
 	chan_bridged = to_transferee_bridge ? to_transferee : to_transfer_target;
 	chan_unbridged = to_transferee_bridge ? to_transfer_target : to_transferee;
 
+	/*
+	 * Race condition makes it possible for app to be NULL, so get the app prior to
+	 * transferring with a fallback of "unknown".
+	 */
+	app = ast_strdupa(ast_channel_appl(chan_unbridged) ?: "unknown");
+
 	{
 		int chan_count;
 		SCOPED_LOCK(lock, the_bridge, ast_bridge_lock, ast_bridge_unlock);
@@ -4527,7 +4533,6 @@
 		goto end;
 	}
 
-	app = ast_strdupa(ast_channel_appl(chan_unbridged));
 	if (bridge_channel_internal_queue_attended_transfer(transferee, chan_unbridged)) {
 		res = AST_BRIDGE_TRANSFER_FAIL;
 		goto end;

-- 
To view, visit https://gerrit.asterisk.org/398
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I5134b84c4524906d8148817719d76ffb306488ac
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: certified/13.1
Gerrit-Owner: Matt Jordan <mjordan at digium.com>
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>

More information about the asterisk-commits mailing list