sysmocom
/
asterisk
11
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merged revisions 89093 via svnmerge from 

https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r89093 | tilghman | 2007-11-07 17:39:37 -0600 (Wed, 07 Nov 2007) | 7 lines

The member refcount must be incremented, to avoid using it after deallocation.
A huge thanks go to lvl- for patiently providing the necessary valgrind output
that was necessary to finding this problem of memory corruption.
Reported by: lvl-
Patch by: tilghman
Closes issue #11174

........


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@89094 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Tilghman Lesher 2007-11-07 23:47:45 +00:00
parent 4f34bc609b
commit 97744f54e7
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/app_queue.c
View File

@ -2836,6 +2836,8 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce
callcompletedinsl = ((now - qe->start) <= qe->parent->servicelevel);
ao2_unlock(qe->parent);
member = lpeer->member;
/* Increment the refcount for this member, since we're going to be using it for awhile in here. */
ao2_ref(member, 1);
hangupcalls(outgoing, peer);
outgoing = NULL;
if (announce || qe->parent->reportholdtime || qe->parent->memberdelay) {
@ -2882,6 +2884,7 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce
queuename, qe->chan->uniqueid, peer->name, member->interface, member->membername,
qe->parent->eventwhencalled == QUEUE_EVENT_VARIABLES ? vars2manager(qe->chan, vars, sizeof(vars)) : "");
ast_hangup(peer);
ao2_ref(member, -1);
goto out;
} else if (res2) {
/* Caller must have hung up just before being connected*/
@ -2889,6 +2892,7 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce
ast_queue_log(queuename, qe->chan->uniqueid, member->membername, "ABANDON", "%d|%d|%ld", qe->pos, qe->opos, (long) time(NULL) - qe->start);
record_abandoned(qe);
ast_hangup(peer);
ao2_ref(member, -1);
return -1;
}
}
@ -2907,6 +2911,7 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce
ast_log(LOG_WARNING, "Had to drop call because I couldn't make %s compatible with %s\n", qe->chan->name, peer->name);
record_abandoned(qe);
ast_hangup(peer);
ao2_ref(member, -1);
return -1;
}
@ -3190,6 +3195,7 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce
ast_hangup(peer);
update_queue(qe->parent, member, callcompletedinsl);
res = bridge ? bridge : 1;
ao2_ref(member, -1);
}
out:
hangupcalls(outgoing, NULL);