Fix crash resulting from frames with invalid data pointers.
authorJeff Peeler <jpeeler@digium.com>
Tue, 26 Jan 2010 18:07:57 +0000 (18:07 +0000)
committerJeff Peeler <jpeeler@digium.com>
Tue, 26 Jan 2010 18:07:57 +0000 (18:07 +0000)
In ast_frdup the frame data union does not get set to point to malloced memory
if the datalen is zero, so make sure to handle the same case in ast_frisolate
appropriately.

(closes issue #16058)
Reported by: atis
Patches:
      bug16058-fix.patch uploaded by jpeeler (license 325)
Tested by: atis

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@243244 65c4cc65-6c06-0410-ace0-fbb531ad65f3

main/frame.c

index 1f1476c..c90469b 100644 (file)
@@ -435,6 +435,11 @@ struct ast_frame *ast_frisolate(struct ast_frame *fr)
        }
        
        if (!(fr->mallocd & AST_MALLOCD_DATA))  {
+               if (!fr->datalen) {
+                       out->data.uint32 = fr->data.uint32;
+                       out->mallocd = AST_MALLOCD_HDR | AST_MALLOCD_SRC;
+                       return out;
+               }
                if (!(newdata = ast_malloc(fr->datalen + AST_FRIENDLY_OFFSET))) {
                        if (out->src != fr->src) {
                                ast_free((void *) out->src);