kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-05 12:16:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

The member refcount must be incremented, to avoid using it after deallocation.

Browse Source 
A huge thanks go to lvl- for patiently providing the necessary valgrind output
that was necessary to finding this problem of memory corruption.
Reported by: lvl-
Patch by: tilghman
Closes issue #11174


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@89093 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Tilghman Lesher
2007-11-07 23:39:37 +00:00
parent 0d76379f54
commit 45c16cc29b
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apps/app_queue.c
View File

@@ -2622,6 +2622,8 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce
callcompletedinsl = ((now - qe->start) <= qe->parent->servicelevel);
ast_mutex_unlock(&qe->parent->lock);
member = lpeer->member;
/* Increment the refcount for this member, since we're going to be using it for awhile in here. */
ao2_ref(member, 1);
hangupcalls(outgoing, peer);
outgoing = NULL;
if (announce || qe->parent->reportholdtime || qe->parent->memberdelay) {
@@ -2668,6 +2670,7 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce
queuename, qe->chan->uniqueid, peer->name, member->interface, member->membername,
qe->parent->eventwhencalled == QUEUE_EVENT_VARIABLES ? vars2manager(qe->chan, vars, sizeof(vars)) : "");
ast_hangup(peer);
ao2_ref(member, -1);
goto out;
} else if (res2) {
/* Caller must have hung up just before being connected*/
@@ -2675,6 +2678,7 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce
ast_queue_log(queuename, qe->chan->uniqueid, member->membername, "ABANDON", "%d|%d|%ld", qe->pos, qe->opos, (long)time(NULL) - qe->start);
record_abandoned(qe);
ast_hangup(peer);
ao2_ref(member, -1);
return -1;
}
}
@@ -2690,6 +2694,7 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce
ast_log(LOG_WARNING, "Had to drop call because I couldn't make %s compatible with %s\n", qe->chan->name, peer->name);
record_abandoned(qe);
ast_hangup(peer);
ao2_ref(member, -1);
return -1;
}
@@ -2874,6 +2879,7 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce
ast_hangup(peer);
update_queue(qe->parent, member, callcompletedinsl);
res = bridge ? bridge : 1;
ao2_ref(member, -1);
}
out:
hangupcalls(outgoing, NULL);