bridge: Old channel video source not set to NULL after unref.

The bridge holds onto the old channel video source after it's been
released.  This can lead to use after free errors.

ASTERISK-27229 #close

Change-Id: Ib2dab61677dd8a21f7ad53cdc9b8ca93297838b3

diff --git a/main/bridge.c b/main/bridge.c
index 7a937ea59b6179ba730c7ec9265c94d576d1c391..88d9e548775577ad046f8f48b46518a32d338ef3 100644 (file)
--- a/main/bridge.c
+++ b/main/bridge.c
@@ -3848,7 +3848,7 @@ void ast_bridge_update_talker_src_video_mode(struct ast_bridge *bridge, struct a
                data->average_talking_energy = talker_energy;
        } else if ((data->average_talking_energy < talker_energy) && is_keyframe) {
                if (data->chan_old_vsrc) {
-                       ast_channel_unref(data->chan_old_vsrc);
+                       data->chan_old_vsrc = ast_channel_unref(data->chan_old_vsrc);
                }
                if (data->chan_vsrc) {
                        data->chan_old_vsrc = data->chan_vsrc;