kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-04 05:15:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

pbx_lua.c: segfault when pass null data to term_color function

Browse Source 
This can be reproduced under certain curcomstences.
For example: call app.playback from lua with invalid data: app.playback({}).
pbx_lua.c will try to get data for this playback using lua_tostring function.
This function returs NULL for everything but strings and numbers.
Then, it calls term_color with NULL data.
term_color function can call(if we don't use vt100 compat term)
ast_copy_string with NULL inbuf which cause segfault. bt example:
ast_copy_string (size=8192, src=0x0, dst=0x7fe44b4be8b0)
at /usr/src/asterisk/asterisk-20.11.0/include/asterisk/strings.h:412

Resolves: https://github.com/asterisk/asterisk/issues/1363
This commit is contained in:
Alexey Khabulyak
2025-08-14 11:21:41 +03:00
committed by github-actions[bot]
parent d772f61231
commit 5003d882e7
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pbx/pbx_lua.c
View File

@@ -222,7 +222,7 @@ static int lua_pbx_exec(lua_State *L)
exten, context, priority, exten, context, priority,
term_color(tmp, app_name, COLOR_BRCYAN, 0, sizeof(tmp)), term_color(tmp, app_name, COLOR_BRCYAN, 0, sizeof(tmp)),
term_color(tmp2, ast_channel_name(chan), COLOR_BRMAGENTA, 0, sizeof(tmp2)), term_color(tmp2, ast_channel_name(chan), COLOR_BRMAGENTA, 0, sizeof(tmp2)),
term_color(tmp3, data, COLOR_BRMAGENTA, 0, sizeof(tmp3))); term_color(tmp3, data ? data : "", COLOR_BRMAGENTA, 0, sizeof(tmp3)));
lua_getfield(L, LUA_REGISTRYINDEX, "autoservice"); lua_getfield(L, LUA_REGISTRYINDEX, "autoservice");
autoservice = lua_toboolean(L, -1); autoservice = lua_toboolean(L, -1);