pbx.c: Crash in handle_hint_change due to uninitialized values

handle_hint_change calls extension_presence_state_helper, which returns the
presence state subtype and message when a valid state is available. If the
state is invalid then those values are not filled. If they have not been
properly initialized to NULL then when ast_free is later called on them
Asterisk crashes.

This patch initializes the subtype and message to NULL.

ASTERISK-25706 #close
patches:
  0008-handle_hint_change-initialize-presence_state.patch
   submitted by Tzafrir Cohen (license 5035)

Change-Id: I2eb08c68951b327c42df0798de60484c3a225a50

diff --git a/main/pbx.c b/main/pbx.c
index 41094c5d64b75037d019699b2c0c8f5e3de0f138..daf2e437c59de28327bb3d5a9a5cdeb0ce05e815 100644 (file)
--- a/main/pbx.c
+++ b/main/pbx.c
@@ -6151,6 +6151,8 @@ static int handle_hint_change(void *data)
 
        device_state_notify_callbacks(hint, &hint_app);
 
+       memset(&presence_state, 0, sizeof(presence_state));
+
        state = extension_presence_state_helper(
                hint->exten, &presence_state.subtype, &presence_state.message);