Merged revisions 327950 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8
........
r327950 | kpfleming | 2011-07-12 17:53:53 -0500 (Tue, 12 Jul 2011) | 14 lines
Correct double-free situation in manager output processing.
The process_output() function calls ast_str_append() and xml_translate() on its
'out' parameter, which is a pointer to an ast_str buffer. If either of these
functions need to reallocate the ast_str so it will have more space, they will
free the existing buffer and allocate a new one, returning the address of the
new one. However, because process_output only receives a pointer to the ast_str,
not a pointer to its caller's variable holding the pointer, if the original
ast_str is freed, the caller will not know, and will continue to use it (and
later attempt to free it).
(reported by jkroon on #asterisk-dev)
........
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@327953
65c4cc65-6c06-0410-ace0-
fbb531ad65f3
projects / asterisk/asterisk.git / commit