[asterisk-dev] [Code Review] Fix crash due to new end_bridge_callback code
mmichelson at digium.com
Thu Nov 13 10:49:03 CST 2008
Sean Bright wrote:
> Mark Michelson wrote:
>> There was a bug introduced with the new end_bridge_callback code that caused
> ... snip ...
> First off - Sorry! :)
> Secondly, it seems strange to me (admittedly I don't completely understand
> trampolines as implemented by GCC) that this would cause a crash whereas the old
> method utilizing the nested function would not. Could you explain, for my own
> education, why it was not problematic in the nested function implementation?
As far as I understand, the nested function implementation was just as
vulnerable. I just didn't discover this crash until after nested functions were
removed from the code. :)
> Also, app_followme also uses the end_bridge_callback, is this also going to be a
> problem in that code?
Yes, it looks like app_followme.c suffers from the same potential problem since
the end_bridge_callback_data refers to a saved ast_channel pointer. I will add a
similar fixup function to the diff for it as well.
Thanks for the feedback.
More information about the asterisk-dev