kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-12 15:45:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix crash with invalid frame data

Browse Source 
The crash was happening as a result of a frame containing an invalid data
pointer, but was set with data length of zero. The few times the issue was
reproduced it _seemed_ that the frame was queued properly, that is the data
pointer was set to NULL. I never could reproduce the crash so as a last resort
the crash has been fixed, but a check in __ast_read has been added to give as
much information about the source of problematic frames in the future.

(closes issue #16058)
Reported by: atis


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@231911 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Jeff Peeler
2009-12-01 21:29:31 +00:00
parent 031d3b8d1f
commit 9405b9e2b7
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
main/channel.c
View File

@@ -2513,6 +2513,17 @@ static struct ast_frame *__ast_read(struct ast_channel *chan, int dropaudio)
ast_frame_dump(chan->name, f, "<<"); ast_frame_dump(chan->name, f, "<<");
chan->fin = FRAMECOUNT_INC(chan->fin); chan->fin = FRAMECOUNT_INC(chan->fin);
if (f && f->datalen == 0 && f->data) {
/* fix invalid pointer */
f->data = NULL;
#ifdef AST_DEVMODE
ast_log(LOG_ERROR, "Found frame with src '%s' with datalen zero, but non-null data pointer!\n", f->src);
ast_frame_dump(chan->name, f, "<<");
#else
ast_debug(3, "Found frame with src '%s' on channel '%s' with datalen zero, but non-null data pointer!\n", f->src, chan->name);
#endif
}
done: done:
ast_channel_unlock(chan); ast_channel_unlock(chan);
return f; return f;