[asterisk-dev] [Code Review] 4186: stringfields: Fix regression from fix for unintentional memory retention caused by ast_string_fields_copy
Corey Farrell
reviewboard at asterisk.org
Tue Nov 18 12:33:21 CST 2014
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4186/
-----------------------------------------------------------
(Updated Nov. 18, 2014, 1:33 p.m.)
Review request for Asterisk Developers and rmudgett.
Changes
-------
Update patch to remove change that had no effect. Update title/branches.
Summary (updated)
-----------------
stringfields: Fix regression from fix for unintentional memory retention caused by ast_string_fields_copy
Bugs: ASTERISK-24535
https://issues.asterisk.org/jira/browse/ASTERISK-24535
Repository: Asterisk
Description
-------
This addresses a regression in the previous fix that applies to all versions. When __ast_string_field_ptr_grow is called by ast_string_field_ptr_set_by_fields, it needs to be passed &target, not __p__. In the current code if __ast_string_field_ptr_grow actually does anything, it will cause *__p__ != target. Unfortunately in this case *__p__ points to the new address, target to the old. This may cause too much data to be written to the old space for the string, and this could cause memory corruption. This was the first thing I noticed when attempting to troubleshoot res/parking/dynamic_parking_variables unit test failure, but did not fix the test.
Also needed to get the unit test working again is a fix for ast_string_fields_copy in 12+. The existing code relies on the fact that __ast_string_field_release_active never previously zeroed pool->used, so keeping the existing pointer was ok. Setting each field to __ast_string_field_empty after releasing the memory seems to resolve the issue.
Diffs (updated)
-----
/branches/12/include/asterisk/stringfields.h 428167
Diff: https://reviewboard.asterisk.org/r/4186/diff/
Testing
-------
Full testsuite against 12. I had 17 failures, but that is normal on my system. I re-ran the 17 tests without this patch, they still failed.
Thanks,
Corey Farrell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20141118/1d1d8fb6/attachment-0001.html>
More information about the asterisk-dev
mailing list