astobj2.c: Fix core when ref_log enabled

In the AO2_ALLOC_OPT_LOCK_NOLOCK case the referenced obj
structure is freed, but is then referenced later if ref_log is
enabled. The change is to store the obj->priv_data.options value
locally and reference it instead of the value from the freed obj

ASTERISK-29730

Change-Id: I60cc5dc1f5a4330e7ad56976fc38a42de0ab6072

diff --git a/main/astobj2.c b/main/astobj2.c
index ab8fb8bdf8ff77a6bdc00db2f941a43ecb62681b..b75c4d3db95d421b88356cba28a8a8e0594ab4f9 100644 (file)
--- a/main/astobj2.c
+++ b/main/astobj2.c
@@ -504,6 +504,7 @@ int __ao2_ref(void *user_data, int delta,
        struct astobj2_lockobj *obj_lockobj;
        int32_t current_value;
        int32_t ret;
+       uint32_t privdataoptions;
        struct ao2_weakproxy *weakproxy = NULL;
        const char *lock_state;
 
@@ -621,6 +622,8 @@ int __ao2_ref(void *user_data, int delta,
 
        /* In case someone uses an object after it's been freed */
        obj->priv_data.magic = 0;
+       /* Save the options locally so the ref_log print at the end doesn't access freed data */
+       privdataoptions = obj->priv_data.options;
 
        switch (obj->priv_data.options & AO2_ALLOC_OPT_LOCK_MASK) {
        case AO2_ALLOC_OPT_LOCK_MUTEX:
@@ -655,7 +658,7 @@ int __ao2_ref(void *user_data, int delta,
                break;
        }
 
-       if (ref_log && !(obj->priv_data.options & AO2_ALLOC_OPT_NO_REF_DEBUG)) {
+       if (ref_log && !(privdataoptions & AO2_ALLOC_OPT_NO_REF_DEBUG)) {
                fprintf(ref_log, "%p,%d,%d,%s,%d,%s,**destructor**lock-state:%s**,%s\n",
                        user_data, delta, ast_get_tid(), file, line, func, lock_state, tag ?: "");
                fflush(ref_log);