From: Kinsey Moore <kmoore@digium.com>
Date: Fri, 12 Oct 2012 21:58:29 +0000 (+0000)
Subject: Avoid a segfault on invalid format names
X-Git-Tag: 13.0.0-beta1~2430
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0eab8b669d898b8f6acece773556a8f057a0b4cd;p=thirdparty%2Fasterisk.git

Avoid a segfault on invalid format names

If a format name was not found by ast_getformatbyname, a NULL pointer
would be passed into ast_format_rate and immediately dereferenced.
This ensures that a valid pointer is used since the structure is
already allocated on the stack.

(closes issue DPH-523)
Reported-by: Steve Pitts
........

Merged revisions 374932 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@374933 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/apps/app_voicemail.c b/apps/app_voicemail.c
index 6730581826..7d9917d7e7 100644
--- a/apps/app_voicemail.c
+++ b/apps/app_voicemail.c
@@ -6006,12 +6006,13 @@ static int msg_create_from_file(struct ast_vm_recording_data *recdata)
 	if ((recording_fs = ast_readfile(recdata->recording_file, recdata->recording_ext, NULL, 0, 0, VOICEMAIL_DIR_MODE))) {
 		if (!ast_seekstream(recording_fs, 0, SEEK_END)) {
 			long framelength = ast_tellstream(recording_fs);
-			struct ast_format result;
+			struct ast_format result = {0,};
 			/* XXX This use of ast_getformatbyname seems incorrect here. The file extension does not necessarily correspond
 			 * to the name of the format. For instance, if "raw" were passed in, I don't think ast_getformatbyname would
 			 * find the slinear format
 			 */
-			duration = (int) (framelength / ast_format_rate(ast_getformatbyname(recdata->recording_ext, &result)));
+			ast_getformatbyname(recdata->recording_ext, &result);
+			duration = (int) (framelength / ast_format_rate(&result));
 		}
 	}