res_rtp_asterisk: Free payload when error on insertion to data buffer

When the ast_data_buffer_put rejects to add a packet, for example because
the buffer already contains a packet with the same sequence number, the
payload will never be freed, resulting in a memory leak.

The data buffer will now return an error if this situation occurs
allowing the caller to free the payload. The res_rtp_asterisk module
has also been updated to do this.

ASTERISK-28826

Change-Id: Ie6c49495d1c921d5f997651c7d0f79646f095cf1

diff --git a/main/data_buffer.c b/main/data_buffer.c
index cfc323c680d5ac8d5266501e952471aced937c4b..85e79711c4a69389eb3d712e628650e89de64452 100644 (file)
--- a/main/data_buffer.c
+++ b/main/data_buffer.c
@@ -254,7 +254,7 @@ int ast_data_buffer_put(struct ast_data_buffer *buffer, size_t pos, void *payloa
        AST_LIST_TRAVERSE_SAFE_END;
 
        if (inserted == -1) {
-               return 0;
+               return -1;
        }
 
        if (!inserted) {

diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c
index 4fc42177ceae2d1946ae48a0ef8a4143a666aadc..5dd5d355f16565fc8eb2666c738a4a912d87b45d 100644 (file)
--- a/res/res_rtp_asterisk.c
+++ b/res/res_rtp_asterisk.c
@@ -4991,7 +4991,9 @@ static int rtp_raw_write(struct ast_rtp_instance *instance, struct ast_frame *fr
                        if (payload) {
                                payload->size = packet_len;
                                memcpy(payload->buf, rtpheader, packet_len);
-                               ast_data_buffer_put(rtp->send_buffer, rtp->seqno, payload);
+                               if (ast_data_buffer_put(rtp->send_buffer, rtp->seqno, payload) == -1) {
+                                       ast_free(payload);
+                               }
                        }
                }
 
@@ -7938,7 +7940,9 @@ static struct ast_frame *ast_rtp_read(struct ast_rtp_instance *instance, int rtc
 
                payload->size = res;
                memcpy(payload->buf, rtpheader, res);
-               ast_data_buffer_put(rtp->recv_buffer, seqno, payload);
+               if (ast_data_buffer_put(rtp->recv_buffer, seqno, payload) == -1) {
+                       ast_free(payload);
+               }
 
                /* If this sequence number is removed that means we had a gap and this packet has filled it in
                 * some. Since it was part of the gap we will have already added any other missing sequence numbers