[Asterisk-code-review] jansson-bundled: Patch for off-nominal crash. (asterisk[master])

Corey Farrell asteriskteam at digium.com
Thu Nov 8 17:01:30 CST 2018


Corey Farrell has uploaded this change for review. ( https://gerrit.asterisk.org/10608


Change subject: jansson-bundled: Patch for off-nominal crash.
......................................................................

jansson-bundled: Patch for off-nominal crash.

pack_string crashed on non-NULL strings returned when s->has_error was
true if the string was the result of 's' format without '#', '%' or '+'.

Change-Id: Ic125df691d81ba2cbc413e37bdae657b304d20d0
---
A third-party/jansson/patches/0035-Remove-inappropriate-jsonp_free-which-caused-segment.patch
1 file changed, 58 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/08/10608/1

diff --git a/third-party/jansson/patches/0035-Remove-inappropriate-jsonp_free-which-caused-segment.patch b/third-party/jansson/patches/0035-Remove-inappropriate-jsonp_free-which-caused-segment.patch
new file mode 100644
index 0000000..258fc67
--- /dev/null
+++ b/third-party/jansson/patches/0035-Remove-inappropriate-jsonp_free-which-caused-segment.patch
@@ -0,0 +1,58 @@
+From e262ea5fcd789d20d5d20d5d6d9c7ec06e3c00fd Mon Sep 17 00:00:00 2001
+From: Corey Farrell <git at cfware.com>
+Date: Mon, 5 Nov 2018 16:43:10 -0500
+Subject: [PATCH 35/35] Remove inappropriate jsonp_free which caused
+ segmentation fault.
+
+pack_string should never free str on error.  This wouldn't be a problem
+except the check for `ours` was inverted.  Just remove the check for
+ours since the true condition is unreachable.
+
+json_vpack_ex also had an error check for s.has_error.  This can never
+be true unless value is NULL.
+
+Test changes removed for merging into Asterisk bundled copy.
+
+Fixes #444
+---
+ src/pack_unpack.c           |  9 ++-------
+ test/suites/api/test_pack.c | 21 +++++++++++++++++++++
+ 2 files changed, 23 insertions(+), 7 deletions(-)
+
+diff --git a/src/pack_unpack.c b/src/pack_unpack.c
+index ec04bc3..3b99776 100644
+--- a/src/pack_unpack.c
++++ b/src/pack_unpack.c
+@@ -359,9 +359,7 @@ static json_t *pack_string(scanner_t *s, va_list *ap)
+         return t == '?' && !s->has_error ? json_null() : NULL;
+ 
+     if (s->has_error) {
+-        if (!ours)
+-            jsonp_free(str);
+-
++        /* It's impossible to reach this point if ours != 0, do not free str. */
+         return NULL;
+     }
+ 
+@@ -853,6 +851,7 @@ json_t *json_vpack_ex(json_error_t *error, size_t flags,
+     value = pack(&s, &ap_copy);
+     va_end(ap_copy);
+ 
++    /* This will cover all situations where s.has_error is true */
+     if(!value)
+         return NULL;
+ 
+@@ -862,10 +861,6 @@ json_t *json_vpack_ex(json_error_t *error, size_t flags,
+         set_error(&s, "<format>", json_error_invalid_format, "Garbage after format string");
+         return NULL;
+     }
+-    if(s.has_error) {
+-        json_decref(value);
+-        return NULL;
+-    }
+ 
+     return value;
+ }
+-- 
+2.17.2
+

-- 
To view, visit https://gerrit.asterisk.org/10608
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic125df691d81ba2cbc413e37bdae657b304d20d0
Gerrit-Change-Number: 10608
Gerrit-PatchSet: 1
Gerrit-Owner: Corey Farrell <git at cfware.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20181108/73c9f0a0/attachment.html>


More information about the asterisk-code-review mailing list