Merged revisions 86902 via svnmerge from
authorSteve Murphy <murf@digium.com>
Tue, 23 Oct 2007 21:25:37 +0000 (21:25 +0000)
committerSteve Murphy <murf@digium.com>
Tue, 23 Oct 2007 21:25:37 +0000 (21:25 +0000)
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r86902 | murf | 2007-10-23 15:18:08 -0600 (Tue, 23 Oct 2007) | 1 line

closes issue #11052 -- where nothing after the ? will allow un-initialized variable values to corrupt and crash asterisk on 64-bit platforms
........

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@86903 65c4cc65-6c06-0410-ace0-fbb531ad65f3

funcs/func_logic.c

index 4ab9ed4..aff358c 100644 (file)
@@ -101,12 +101,19 @@ static int acf_if(struct ast_channel *chan, const char *cmd, char *data, char *b
                AST_APP_ARG(iftrue);
                AST_APP_ARG(iffalse);
        );
-
+       args2.iftrue = args2.iffalse = NULL; /* you have to set these, because if there is nothing after the '?',
+                                                                                       then args1.remainder will be NULL, not a pointer to a null string, and
+                                                                                       then any garbage in args2.iffalse will not be cleared, and you'll crash.
+                                                                                   -- and if you mod the ast_app_separate_args func instead, you'll really
+                                                                                       mess things up badly, because the rest of everything depends on null args
+                                                                                       for non-specified stuff. */
+       
        AST_NONSTANDARD_APP_ARGS(args1, data, '?');
        AST_NONSTANDARD_APP_ARGS(args2, args1.remainder, ':');
 
        if (ast_strlen_zero(args1.expr) || !(args2.iftrue || args2.iffalse)) {
-               ast_log(LOG_WARNING, "Syntax IF(<expr>?[<true>][:<false>])\n");
+               ast_log(LOG_WARNING, "Syntax IF(<expr>?[<true>][:<false>])  (expr must be non-null, and either <true> or <false> must be non-null)\n");
+               ast_log(LOG_WARNING, "      In this case, <expr>='%s', <true>='%s', and <false>='%s'\n", args1.expr, args2.iftrue, args2.iffalse);
                return -1;
        }