[asterisk-dev] [Code Review] Don't read past the end of our int when calling write() in __ast_queue_frame

Terry Wilson reviewboard at asterisk.org
Fri Nov 11 22:25:01 CST 2011

Review request for Asterisk Developers.


int blah = 1;
write(chan->alertpipe[1], &blah, new_frames * sizeof(blah)) != (new_frames * sizeof(blah)))

is only valid when new_frames == 1. Otherwise we start reading into adjacent variables declared on the stack. The read end discards what is read, so the values don't matter, but it's not a good idea to read past where we want even though new_frames is almost always 1 and should never be large. This patch is basically taken out of kpfleming's eventfd branch, as he mentioned that he remembered fixing it there when I talked to him about this issue.

Another thing that could be done is to change blah to a char[] here and where we read from the alertpipe. There is no reason to write four bytes when we could just write one, but I can address that in a later patch.


  /branches/1.8/main/channel.c 344438 

Diff: https://reviewboard.asterisk.org/r/1583/diff


It compiles. Calls still seem to work.



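Added example, not part of the original e-mail or the Asterisk source: a C sketch of why scaling the write() length by new_frames sends the bytes that sit next to blah, beside a bounded form that writes exactly sizeof(blah) once per frame. The struct frame_model, its neighbor field, the constant 0x5ec2e7 and all function names are hypothetical; the struct stands in for the stack layout so the demonstration stays well-defined, and the per-frame loop is one possible fix, not necessarily the one in the patch under review.

```c
#include <unistd.h>

/* Constructed model of the stack frame: "neighbor" stands for whatever
 * variable happens to be placed right after blah. */
struct frame_model { int blah; int neighbor; };

/* Pattern from the review: source is one int, length is scaled by new_frames.
 * In the real code the source is &blah alone, so the extra bytes are stack data. */
static ssize_t alert_overread(int wfd, const struct frame_model *f, size_t new_frames)
{
    size_t len = new_frames * sizeof(f->blah);
    if (len > sizeof(*f))          /* keep the demo inside the model struct */
        return -1;
    return write(wfd, f, len);
}

/* Bounded form: never asks write() for more than sizeof(blah) from &blah. */
static ssize_t alert_per_frame(int wfd, size_t new_frames)
{
    int blah = 1;
    ssize_t total = 0;
    for (size_t i = 0; i < new_frames; i++) {
        ssize_t n = write(wfd, &blah, sizeof(blah));
        if (n != (ssize_t)sizeof(blah))
            return -1;
        total += n;
    }
    return total;
}

/* Signals two frames through a pipe; returns the second int the reader gets. */
static int second_int_seen(int use_overread)
{
    int fds[2], seen[2] = {0, 0};
    struct frame_model f = { 1, 0x5ec2e7 };   /* constructed neighbor value */
    if (pipe(fds) != 0)
        return -1;
    ssize_t w = use_overread ? alert_overread(fds[1], &f, 2)
                             : alert_per_frame(fds[1], 2);
    ssize_t r = (w == (ssize_t)sizeof(seen)) ? read(fds[0], seen, sizeof(seen)) : -1;
    close(fds[0]);
    close(fds[1]);
    return r == (ssize_t)sizeof(seen) ? seen[1] : -1;
}

int main(void)
{
    /* exits 0 when the neighbor leaks in the first form and not in the second */
    return !(second_int_seen(1) == 0x5ec2e7 && second_int_seen(0) == 1);
}
```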