[svn-commits] jpeeler: trunk r243244 - /trunk/main/frame.c

SVN commits to the Digium repositories svn-commits at lists.digium.com
Tue Jan 26 12:08:05 CST 2010


Author: jpeeler
Date: Tue Jan 26 12:07:57 2010
New Revision: 243244

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=243244
Log:
Fix crash resulting from frames with invalid data pointers.

In ast_frdup the frame data union does not get set to point to malloced memory 
if the datalen is zero, so make sure to handle the same case in ast_frisolate
appropriately.

(closes issue #16058)
Reported by: atis
Patches: 
      bug16058-fix.patch uploaded by jpeeler (license 325)
Tested by: atis

Modified:
    trunk/main/frame.c

Modified: trunk/main/frame.c
URL: http://svnview.digium.com/svn/asterisk/trunk/main/frame.c?view=diff&rev=243244&r1=243243&r2=243244
==============================================================================
--- trunk/main/frame.c (original)
+++ trunk/main/frame.c Tue Jan 26 12:07:57 2010
@@ -435,6 +435,11 @@
 	}
 	
 	if (!(fr->mallocd & AST_MALLOCD_DATA))  {
+		if (!fr->datalen) {
+			out->data.uint32 = fr->data.uint32;
+			out->mallocd = AST_MALLOCD_HDR | AST_MALLOCD_SRC;
+			return out;
+		}
 		if (!(newdata = ast_malloc(fr->datalen + AST_FRIENDLY_OFFSET))) {
 			if (out->src != fr->src) {
 				ast_free((void *) out->src);




More information about the svn-commits mailing list