Fix unintential memory retention in stringfields.
authorCorey Farrell <git@cfware.com>
Thu, 6 Nov 2014 09:18:48 +0000 (09:18 +0000)
committerCorey Farrell <git@cfware.com>
Thu, 6 Nov 2014 09:18:48 +0000 (09:18 +0000)
* Fix missing / unreachable calls to __ast_string_field_release_active.
* Reset pool->used to zero when the current pool->active reaches zero.

ASTERISK-24307 #close
Reported by: Etienne Lessard
Tested by: ibercom, Etienne Lessard
Review: https://reviewboard.asterisk.org/r/4114/
........

Merged revisions 427380 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 427381 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 427382 from http://svn.asterisk.org/svn/asterisk/branches/12
........

Merged revisions 427384 from http://svn.asterisk.org/svn/asterisk/branches/13

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@427388 65c4cc65-6c06-0410-ace0-fbb531ad65f3

include/asterisk/stringfields.h
main/utils.c

index 9f4a1ae..dc70960 100644 (file)
@@ -316,26 +316,28 @@ void __ast_string_field_release_active(struct ast_string_field_pool *pool_head,
 */
 #define ast_string_field_ptr_set(x, ptr, data) ast_string_field_ptr_set_by_fields((x)->__field_mgr_pool, (x)->__field_mgr, ptr, data)
 
-#define ast_string_field_ptr_set_by_fields(field_mgr_pool, field_mgr, ptr, data) \
-({ \
-    int __res__ = 0; \
-    const char *__d__ = (data);                                         \
-    size_t __dlen__ = (__d__) ? strlen(__d__) + 1 : 1;                              \
-    ast_string_field *__p__ = (ast_string_field *) (ptr);                               \
-    if (__dlen__ == 1) {                                                \
-        __ast_string_field_release_active(field_mgr_pool, *__p__);                  \
-        *__p__ = __ast_string_field_empty;                                  \
-    } else if ((__dlen__ <= AST_STRING_FIELD_ALLOCATION(*__p__)) ||                         \
-           (!__ast_string_field_ptr_grow(&field_mgr, &field_mgr_pool, __dlen__, __p__)) ||   \
-           (*__p__ = __ast_string_field_alloc_space(&field_mgr, &field_mgr_pool, __dlen__))) {   \
-        if (*__p__ != (*ptr)) {                                         \
-            __ast_string_field_release_active(field_mgr_pool, (*ptr));              \
-        }                                                   \
-        memcpy(* (void **) __p__, __d__, __dlen__);                             \
-    } else { \
-        __res__ = -1; \
-    }                                                       \
-    __res__; \
+#define ast_string_field_ptr_set_by_fields(field_mgr_pool, field_mgr, ptr, data)               \
+({                                                                                             \
+    int __res__ = 0;                                                                           \
+    const char *__d__ = (data);                                                                \
+    size_t __dlen__ = (__d__) ? strlen(__d__) + 1 : 1;                                         \
+    ast_string_field *__p__ = (ast_string_field *) (ptr);                                      \
+    ast_string_field target = *__p__;                                                          \
+    if (__dlen__ == 1) {                                                                       \
+        __ast_string_field_release_active(field_mgr_pool, *__p__);                             \
+        *__p__ = __ast_string_field_empty;                                                     \
+    } else if ((__dlen__ <= AST_STRING_FIELD_ALLOCATION(*__p__)) ||                            \
+           (!__ast_string_field_ptr_grow(&field_mgr, &field_mgr_pool, __dlen__, __p__)) ||     \
+           (target = __ast_string_field_alloc_space(&field_mgr, &field_mgr_pool, __dlen__))) { \
+        if (target != *__p__) {                                                                \
+            __ast_string_field_release_active(field_mgr_pool, *__p__);                         \
+            *__p__ = target;                                                                   \
+        }                                                                                      \
+        memcpy(* (void **) __p__, __d__, __dlen__);                                            \
+    } else {                                                                                   \
+        __res__ = -1;                                                                          \
+    }                                                                                          \
+    __res__;                                                                                   \
 })
 
 /*!
index 3a095ca..e3bb36e 100644 (file)
@@ -2099,9 +2099,13 @@ void __ast_string_field_release_active(struct ast_string_field_pool *pool_head,
        for (pool = pool_head, prev = NULL; pool; prev = pool, pool = pool->prev) {
                if ((ptr >= pool->base) && (ptr <= (pool->base + pool->size))) {
                        pool->active -= AST_STRING_FIELD_ALLOCATION(ptr);
-                       if ((pool->active == 0) && prev) {
-                               prev->prev = pool->prev;
-                               ast_free(pool);
+                       if (pool->active == 0) {
+                               if (prev) {
+                                       prev->prev = pool->prev;
+                                       ast_free(pool);
+                               } else {
+                                       pool->used = 0;
+                               }
                        }
                        break;
                }
@@ -2150,6 +2154,11 @@ void __ast_string_field_ptr_build_va(struct ast_string_field_mgr *mgr,
                /* Are we out of memory? */
                return;
        }
+       if (res == 0) {
+               __ast_string_field_release_active(*pool_head, *ptr);
+               *ptr = __ast_string_field_empty;
+               return;
+       }
        needed = (size_t)res + 1; /* NUL byte */
 
        if (needed > available) {