kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-27 06:31:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

app_dial may double free a channel datastore

Browse Source 
When starting a call with originate, and having the callee channel run Bridge() on pickup, we will double free the dialed_interface_info datastore, causing a crash.  Make sure to check if the datastore still exists before trying to free it.

(closes issue ASTERISK-17917)
Reported by: Mark Murawski
Tested by: Mark Murawski



git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@328663 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Mark Murawki
2011-07-18 20:47:04 +00:00
parent 58a56845a6
commit f5ec4864bd
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
apps/app_dial.c
View File

@@ -2409,7 +2409,8 @@ static int dial_exec_full(struct ast_channel *chan, const char *data, struct ast
* datastore again, causing a crash
*/
ast_channel_lock(chan);
if (!ast_channel_datastore_remove(chan, datastore)) {
datastore = ast_channel_datastore_find(chan, &dialed_interface_info, NULL); /* make sure we weren't cleaned up already */
if (datastore && !ast_channel_datastore_remove(chan, datastore)) {
ast_datastore_free(datastore);
}
ast_channel_unlock(chan);