[asterisk-commits] mjordan: branch 1.8 r356797 - /branches/1.8/apps/app_voicemail.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Sat Feb 25 11:21:34 CST 2012


Author: mjordan
Date: Sat Feb 25 11:21:29 2012
New Revision: 356797

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=356797
Log:
Fix crash in app_voicemail during close_mailbox

In r354890, a memory leak in app_voicemail was fixed by properly disposing of
the allocated heard/deleted pointers.  However, there are situations,
particularly when no messages are found in a folder, where these pointers are
not allocated and not NULL.  In that case, an invalid free would be attempted,
which could crash app_voicemail.  As there are a number of code paths where
this could occur, this patch uses the number of messages detected in the folder
before it attempts to free the pointers.  This resolves the crash detected in
the Asterisk Test Suite's check_voicemail_nominal test.


Modified:
    branches/1.8/apps/app_voicemail.c

Modified: branches/1.8/apps/app_voicemail.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.8/apps/app_voicemail.c?view=diff&rev=356797&r1=356796&r2=356797
==============================================================================
--- branches/1.8/apps/app_voicemail.c (original)
+++ branches/1.8/apps/app_voicemail.c Sat Feb 25 11:21:29 2012
@@ -7938,9 +7938,9 @@
 static int close_mailbox(struct vm_state *vms, struct ast_vm_user *vmu)
 {
 	int x = 0;
+	int last_msg_idx = 0;
 
 #ifndef IMAP_STORAGE
-	int last_msg_idx;
 	int res = 0, nummsg;
 	char fn2[PATH_MAX];
 #endif
@@ -8017,7 +8017,8 @@
 	if (vms->deleted) {
 		/* Since we now expunge after each delete, deleting in reverse order
 		 * ensures that no reordering occurs between each step. */
-		for (x = vms->dh_arraysize - 1; x >= 0; x--) {
+		last_msg_idx = vms->dh_arraysize;
+		for (x = last_msg_idx - 1; x >= 0; x--) {
 			if (vms->deleted[x]) {
 				ast_debug(3, "IMAP delete of %d\n", x);
 				DELETE(vms->curdir, x, vms->fn, vmu);
@@ -8027,10 +8028,10 @@
 #endif
 
 done:
-	if (vms->deleted) {
+	if (vms->deleted && last_msg_idx) {
 		ast_free(vms->deleted);
 	}
-	if (vms->heard) {
+	if (vms->heard && last_msg_idx) {
 		ast_free(vms->heard);
 	}
 




More information about the asterisk-commits mailing list