[asterisk-dev] [Code Review] 4162: pbx: Fix crash in off-nominal when add_priority encounters a failure.
Joshua Colp
reviewboard at asterisk.org
Mon Nov 10 08:06:23 CST 2014
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4162/
-----------------------------------------------------------
(Updated Nov. 10, 2014, 2:06 p.m.)
Review request for Asterisk Developers.
Changes
-------
Fix context access without lock.
Bugs: ASTERISK-24444
https://issues.asterisk.org/jira/browse/ASTERISK-24444
Repository: Asterisk
Description
-------
When adding an extension it is initially created in the context hash table and also in the pattern tree. This occurs before a priority is added. If afterwards the priority is added and it encounters a failure the entire operation returns an error. In this case the extension is freed but is never removed from the context hash table or the pattern tree. Subsequent access may encounter this invalid extension causing it to access freed memory.
This change no longer makes add_priority responsible for cleaning up the extension and leaves it up to the caller. The caller now removes the extension from the context hash table and pattern tree and then frees the extension.
Diffs (updated)
-----
/branches/11/main/pbx.c 427541
Diff: https://reviewboard.asterisk.org/r/4162/diff/
Testing
-------
Before patch:
Subscribed to a hint twice - once with no spaces in it, second time with spaces in it. Running in valgrind showed memory access after being freed.
After patch:
Subscribed to a hint twice - once with no spaces in it, second time with spaces in it. Running in valgrind showed no memory access issues.
Thanks,
Joshua Colp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20141110/a7d1de44/attachment.html>
More information about the asterisk-dev
mailing list