git.ipfire.org Git - thirdparty/asterisk.git/commitdiff
Access peer->cdr directly instead of through a saved off reference.
author Russell Bryant <russell@russellbryant.com>
Tue, 13 Jul 2010 16:51:18 +0000 (16:51 +0000)
committer Russell Bryant <russell@russellbryant.com>
Tue, 13 Jul 2010 16:51:18 +0000 (16:51 +0000)
At this point in the code, it is possible that peer_cdr may be invalid.
Specifically, in the blind transfer code, CDRs are swapped between channels.
So, peer_cdr is no longer == peer->cdr.

The scenario that exposed a crash in this code was a blind transfer that hit
the system call limit, causing the transferee channel to get destroyed after
the transfer attempt failed.  Even if it succeeds and this code doesn't crash,
this code was still trying to reset a CDR on a channel that was now owned by
a different thread, which is a BadThing(tm).

(ABE-2417)

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@275994 65c4cc65-6c06-0410-ace0-fbb531ad65f3

res/res_features.c

index 8690d3ab52a427f928adfd95b0ecf635f25d54da..4ebc83c8c7b98ded50f42282c9522035f5376d8d 100644 (file)
@@ -2195,7 +2195,7 @@ int ast_bridge_call(struct ast_channel *chan,struct ast_channel *peer,struct ast
                        /* new channel */
                        ast_cdr_specialized_reset(new_peer_cdr,0);
                } else {
-                       ast_cdr_specialized_reset(peer_cdr,0); /* nothing changed, reset the peer_cdr  */
+                       ast_cdr_specialized_reset(peer->cdr, 0); /* nothing changed, reset the peer cdr  */
                }
        }
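Review bot: In the else branch, the new read of peer->cdr has no visible lock or validity check on peer, while the commit message says the channel may by this point be destroyed after a failed blind transfer or be owned by a different thread. Reading peer->cdr avoids the stale saved peer_cdr pointer, but a CDR swap or channel teardown between the dereference and ast_cdr_specialized_reset() would still race. Consider holding the channel lock around this call, or skipping the reset once the transfer path has handed the channel off. It is also worth confirming that peer->cdr cannot be NULL here, or that ast_cdr_specialized_reset() tolerates NULL. Minor style point: the unchanged call `ast_cdr_specialized_reset(new_peer_cdr,0)` just above could take the same `, 0` spacing for consistency.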