[asterisk-dev] [Code Review] Make AST_LIST_REMOVE safer

Terry Wilson reviewboard at asterisk.org
Fri Jul 15 14:50:49 CDT 2011


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/1321/
-----------------------------------------------------------

(Updated July 15, 2011, 2:50 p.m.)


Review request for Asterisk Developers.


Changes
-------

Try out dvossel's suggestion, but adding a temporary variable to avoid the compiler warning so we can see if we like that better. Also, reorder the AST_LIST_REMOVE test calls so we delete from the beginning, middle, and end of the list as per rmudgett's suggestion.


Summary
-------

AST_LIST_REMOVE sometimes modifies elements that are passed in for comparison, even if they aren't actually found in the list. There are three cases where this can happen. 1) The element is set to NULL in which case Asterisk will crash or 2) The element is a previously freed element in which case Asterisk may crash or 3) The element is a valid element, but not in the list in which case Asterisk will happily set that elements 'next' pointer to NULL effectively truncating whatever list it may have been a member of.

I will make comments for each of the changes in-line.


This addresses bug ASTERISK-17917.
    https://issues.asterisk.org/jira/browse/ASTERISK-17917


Diffs (updated)
-----

  /branches/1.8/include/asterisk/linkedlists.h 328380 
  /branches/1.8/tests/test_linkedlists.c PRE-CREATION 

Diff: https://reviewboard.asterisk.org/r/1321/diff


Testing
-------

This also adds a set of linked list tests. Asterisk would crash when the test was run on the old code, and does not do so with the new. All tests pass.


Thanks,

Terry

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20110715/01b0008f/attachment.htm>


More information about the asterisk-dev mailing list