[asterisk-dev] [Code Review]: Make AST_LIST_REMOVE safer

Fri Jul 15 14:08:57 CDT 2011

> On July 15, 2011, 1:58 p.m., David Vossel wrote:
> > /branches/1.8/include/asterisk/linkedlists.h, lines 839-852
> > <https://reviewboard.asterisk.org/r/1321/diff/2/?file=17551#file17551line839>
> >
> >     These two changes could be avoided by a catch all at the beginning of the macro.
> >     
> >     if (!elm) {
> >         __res = elm
> >     } else if (head->first == (elm))
> >     ...
> >     } else {
> >     ...
> >     }
> >     
> >     
> >     if (__res) {
> >     ...
> >     {
> >     
> >     (__res);

Except elm might be something like &blah which as an address will alway evaluate to true and make the compiler throw a warning. I could get around that by declaring another variable to point to elm...but, eh.

- Terry

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/1321/#review3881
-----------------------------------------------------------

On July 15, 2011, 1:36 p.m., Terry Wilson wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/1321/
> -----------------------------------------------------------
> 
> (Updated July 15, 2011, 1:36 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> AST_LIST_REMOVE sometimes modifies elements that are passed in for comparison, even if they aren't actually found in the list. There are three cases where this can happen. 1) The element is set to NULL in which case Asterisk will crash or 2) The element is a previously freed element in which case Asterisk may crash or 3) The element is a valid element, but not in the list in which case Asterisk will happily set that elements 'next' pointer to NULL effectively truncating whatever list it may have been a member of.
> 
> I will make comments for each of the changes in-line.
> 
> 
> This addresses bug ASTERISK-17917.
>     https://issues.asterisk.org/jira/browse/ASTERISK-17917
> 
> 
> Diffs
> -----
> 
>   /branches/1.8/include/asterisk/linkedlists.h 328380 
>   /branches/1.8/tests/test_linkedlists.c PRE-CREATION 
> 
> Diff: https://reviewboard.asterisk.org/r/1321/diff
> 
> 
> Testing
> -------
> 
> This also adds a set of linked list tests. Asterisk would crash when the test was run on the old code, and does not do so with the new. All tests pass.
> 
> 
> Thanks,
> 
> Terry
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20110715/0505a762/attachment.htm>