bridge: Old channel video source not set to NULL after unref.
author Corey Farrell <git@cfware.com>
Wed, 20 Dec 2017 16:23:08 +0000 (11:23 -0500)
committer Corey Farrell <git@cfware.com>
Wed, 20 Dec 2017 16:23:08 +0000 (11:23 -0500)
The bridge holds onto the old channel video source after it's been
released.  This can lead to use after free errors.

ASTERISK-27229 #close

Change-Id: Ib2dab61677dd8a21f7ad53cdc9b8ca93297838b3

main/bridge.c

index 7a937ea..88d9e54 100644 (file)
@@ -3848,7 +3848,7 @@ void ast_bridge_update_talker_src_video_mode(struct ast_bridge *bridge, struct a
                data->average_talking_energy = talker_energy;
        } else if ((data->average_talking_energy < talker_energy) && is_keyframe) {
                if (data->chan_old_vsrc) {
-                       ast_channel_unref(data->chan_old_vsrc);
+                       data->chan_old_vsrc = ast_channel_unref(data->chan_old_vsrc);
                }
                if (data->chan_vsrc) {
                        data->chan_old_vsrc = data->chan_vsrc;
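Review bot: The added `data->chan_old_vsrc = ast_channel_unref(data->chan_old_vsrc);` line only clears the pointer if ast_channel_unref() evaluates to NULL, and nothing in this hunk shows that, so a short comment here or a sentence in the commit message stating that contract would make the fix self-explanatory. The case being fixed is the one where `data->chan_vsrc` is NULL: the following `if (data->chan_vsrc)` block then skips the reassignment, and before this change `chan_old_vsrc` kept pointing at a channel whose reference had already been dropped. It would also be worth confirming that every other place that unrefs `chan_old_vsrc` or `chan_vsrc` follows the same unref-and-assign pattern, so no other path leaves a stale pointer in `data`.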