[asterisk-dev] Re: Is this a bug in frame.c?

Slav Klenov slav at securax.org
Thu Jun 8 10:48:54 MST 2006


Sorry, I made a mistake in my original message - I wanted to say: 
"theres still a problem when the frame header was already allocated 
(before this call) and the data allocation fails".
I think it looks OK now - as far as the function call is about to fail 
it should release all (and only) the memory it allocated.

PS: Today I suddenly stopped receiving messages from all the digium 
lists I subscribed to. I have to check the archives on the web now... My 
mail server was down for several hours yesterday in the evening - this 
maybe caused digium server to stop sending me mails. Is there something 
I can do to fix this (something different than unsibscribe/subscribe 
again...)?

Slav


----- Russell Bryant <russell at digium.com 
<http://lists.digium.com/mailman/listinfo/asterisk-dev>> wrote:
 > Index: frame.c
 > ===================================================================
 > --- frame.c     (revision 32817)
 > +++ frame.c     (working copy)
 > @@ -324,15 +324,24 @@
 >                 out = fr;
 >
 >         if (!(fr->mallocd & AST_MALLOCD_SRC)) {
 > -               if (fr->src)
 > -                       out->src = strdup(fr->src);
 > +               if (fr->src) {
 > +                       if (!(out->src = strdup(fr->src))) {
 > +                               if (fr != out)
 > +                                       free(out);
 > +                               ast_log(LOG_ERROR, "Memory allocation 
error\n");
 > +                               return NULL;
 > +                       }
 > +               }
 >         } else
 >                 out->src = fr->src;
 >
 >         if (!(fr->mallocd & AST_MALLOCD_DATA))  {
 >                 newdata = malloc(fr->datalen + AST_FRIENDLY_OFFSET);
 >                 if (!newdata) {
 > -                       free(out);
 > +                       if (fr->src != out->src)
 > +                               free((char *) out->src);
 > +                       if (fr != out)
 > +                               free(out);
 >                         ast_log(LOG_WARNING, "Out of memory\n");
 >                         return NULL;
 >                 }
 >
 > 
 >
 > and for trunk ...
 >
 > Index: frame.c
 > ===================================================================
 > --- frame.c     (revision 32919)
 > +++ frame.c     (working copy)
 > @@ -328,14 +328,21 @@
 >                 out = fr;
 >
 >         if (!(fr->mallocd & AST_MALLOCD_SRC)) {
 > -               if (fr->src)
 > -                       out->src = strdup(fr->src);
 > +               if (fr->src) {
 > +                       if (!(out->src = ast_strdup(fr->src))) {
 > +                               if (out != fr)
 > +                                       free(out);
 > +                       }
 > +               }
 >         } else
 >                 out->src = fr->src;
 >
 >         if (!(fr->mallocd & AST_MALLOCD_DATA))  {
 >                 if (!(newdata = ast_malloc(fr->datalen + 
AST_FRIENDLY_OFFSET))) {
 > -                       free(out);
 > +                       if (fr->src != out->src)
 > +                               free((char *) out->src);
 > +                       if (fr != out)
 > +                               free(out);
 >                         return NULL;
 >                 }
 >                 newdata += AST_FRIENDLY_OFFSET;
 >



More information about the asterisk-dev mailing list