Avoid a segfault on invalid format names
authorKinsey Moore <kmoore@digium.com>
Fri, 12 Oct 2012 21:58:29 +0000 (21:58 +0000)
committerKinsey Moore <kmoore@digium.com>
Fri, 12 Oct 2012 21:58:29 +0000 (21:58 +0000)
If a format name was not found by ast_getformatbyname, a NULL pointer
would be passed into ast_format_rate and immediately dereferenced.
This ensures that a valid pointer is used since the structure is
already allocated on the stack.

(closes issue DPH-523)
Reported-by: Steve Pitts
........

Merged revisions 374932 from http://svn.asterisk.org/svn/asterisk/branches/11

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@374933 65c4cc65-6c06-0410-ace0-fbb531ad65f3

apps/app_voicemail.c

index 6730581..7d9917d 100644 (file)
@@ -6006,12 +6006,13 @@ static int msg_create_from_file(struct ast_vm_recording_data *recdata)
        if ((recording_fs = ast_readfile(recdata->recording_file, recdata->recording_ext, NULL, 0, 0, VOICEMAIL_DIR_MODE))) {
                if (!ast_seekstream(recording_fs, 0, SEEK_END)) {
                        long framelength = ast_tellstream(recording_fs);
-                       struct ast_format result;
+                       struct ast_format result = {0,};
                        /* XXX This use of ast_getformatbyname seems incorrect here. The file extension does not necessarily correspond
                         * to the name of the format. For instance, if "raw" were passed in, I don't think ast_getformatbyname would
                         * find the slinear format
                         */
-                       duration = (int) (framelength / ast_format_rate(ast_getformatbyname(recdata->recording_ext, &result)));
+                       ast_getformatbyname(recdata->recording_ext, &result);
+                       duration = (int) (framelength / ast_format_rate(&result));
                }
        }