From 9405b9e2b756acb30727bff4e452cae64a8df3e3 Mon Sep 17 00:00:00 2001 From: Jeff Peeler Date: Tue, 1 Dec 2009 21:29:31 +0000 Subject: [PATCH] Fix crash with invalid frame data The crash was happening as a result of a frame containing an invalid data pointer, but was set with data length of zero. The few times the issue was reproduced it _seemed_ that the frame was queued properly, that is the data pointer was set to NULL. I never could reproduce the crash so as a last resort the crash has been fixed, but a check in __ast_read has been added to give as much information about the source of problematic frames in the future. (closes issue #16058) Reported by: atis git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@231911 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- main/channel.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/main/channel.c b/main/channel.c index 61a5a36088..dfd1062aca 100644 --- a/main/channel.c +++ b/main/channel.c @@ -2513,6 +2513,17 @@ static struct ast_frame *__ast_read(struct ast_channel *chan, int dropaudio) ast_frame_dump(chan->name, f, "<<"); chan->fin = FRAMECOUNT_INC(chan->fin); + if (f && f->datalen == 0 && f->data) { + /* fix invalid pointer */ + f->data = NULL; +#ifdef AST_DEVMODE + ast_log(LOG_ERROR, "Found frame with src '%s' with datalen zero, but non-null data pointer!\n", f->src); + ast_frame_dump(chan->name, f, "<<"); +#else + ast_debug(3, "Found frame with src '%s' on channel '%s' with datalen zero, but non-null data pointer!\n", f->src, chan->name); +#endif + } + done: ast_channel_unlock(chan); return f;