[asterisk-dev] [Code Review] 4162: pbx: Fix crash in off-nominal when add_priority encounters a failure.
Mark Michelson
reviewboard at asterisk.org
Tue Nov 11 12:28:54 CST 2014
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4162/#review13721
-----------------------------------------------------------
Ship it!
Ship It!
- Mark Michelson
On Nov. 10, 2014, 2:06 p.m., Joshua Colp wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/4162/
> -----------------------------------------------------------
>
> (Updated Nov. 10, 2014, 2:06 p.m.)
>
>
> Review request for Asterisk Developers.
>
>
> Bugs: ASTERISK-24444
> https://issues.asterisk.org/jira/browse/ASTERISK-24444
>
>
> Repository: Asterisk
>
>
> Description
> -------
>
> When adding an extension it is initially created in the context hash table and also in the pattern tree. This occurs before a priority is added. If afterwards the priority is added and it encounters a failure the entire operation returns an error. In this case the extension is freed but is never removed from the context hash table or the pattern tree. Subsequent access may encounter this invalid extension causing it to access freed memory.
>
> This change no longer makes add_priority responsible for cleaning up the extension and leaves it up to the caller. The caller now removes the extension from the context hash table and pattern tree and then frees the extension.
>
>
> Diffs
> -----
>
> /branches/11/main/pbx.c 427541
>
> Diff: https://reviewboard.asterisk.org/r/4162/diff/
>
>
> Testing
> -------
>
> Before patch:
>
> Subscribed to a hint twice - once with no spaces in it, second time with spaces in it. Running in valgrind showed memory access after being freed.
>
> After patch:
>
> Subscribed to a hint twice - once with no spaces in it, second time with spaces in it. Running in valgrind showed no memory access issues.
>
>
> Thanks,
>
> Joshua Colp
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20141111/b1b0e85e/attachment.html>
More information about the asterisk-dev
mailing list