From: Kinsey Moore <kmoore@digium.com>
Date: Fri, 12 Oct 2012 21:56:59 +0000 (+0000)
Subject: Avoid a segfault on invalid format names
X-Git-Tag: 10.11.0-digiumphones-rc1~33
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65d82246a97ba45b2b9a810cceae022124f4078a;p=thirdparty%2Fasterisk.git

Avoid a segfault on invalid format names

If a format name was not found by ast_getformatbyname, a NULL pointer
would be passed into ast_format_rate and immediately dereferenced.
This ensures that a valid pointer is used since the structure is
already allocated on the stack.

(closes issue DPH-523)
Reported-by: Steve Pitts


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/10-digiumphones@374931 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/apps/app_voicemail.c b/apps/app_voicemail.c
index 5a9539fc7d..4ce0a04541 100644
--- a/apps/app_voicemail.c
+++ b/apps/app_voicemail.c
@@ -5694,12 +5694,13 @@ static int msg_create_from_file(struct ast_vm_recording_data *recdata)
 	if ((recording_fs = ast_readfile(recdata->recording_file, recdata->recording_ext, NULL, 0, 0, VOICEMAIL_DIR_MODE))) {
 		if (!ast_seekstream(recording_fs, 0, SEEK_END)) {
 			long framelength = ast_tellstream(recording_fs);
-			struct ast_format result;
+			struct ast_format result = {0,};
 			/* XXX This use of ast_getformatbyname seems incorrect here. The file extension does not necessarily correspond
 			 * to the name of the format. For instance, if "raw" were passed in, I don't think ast_getformatbyname would
 			 * find the slinear format
 			 */
-			duration = (int) (framelength / ast_format_rate(ast_getformatbyname(recdata->recording_ext, &result)));
+			ast_getformatbyname(recdata->recording_ext, &result);
+			duration = (int) (framelength / ast_format_rate(&result));
 		}
 	}