From: Jeff Peeler Date: Tue, 1 Dec 2009 21:29:31 +0000 (+0000) Subject: Fix crash with invalid frame data X-Git-Tag: 1.4.28-rc1~11^2~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9405b9e2b756acb30727bff4e452cae64a8df3e3;p=thirdparty%2Fasterisk.git Fix crash with invalid frame data The crash was happening as a result of a frame containing an invalid data pointer, but was set with data length of zero. The few times the issue was reproduced it _seemed_ that the frame was queued properly, that is the data pointer was set to NULL. I never could reproduce the crash so as a last resort the crash has been fixed, but a check in __ast_read has been added to give as much information about the source of problematic frames in the future. (closes issue #16058) Reported by: atis git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@231911 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/main/channel.c b/main/channel.c index 61a5a36088..dfd1062aca 100644 --- a/main/channel.c +++ b/main/channel.c @@ -2513,6 +2513,17 @@ static struct ast_frame *__ast_read(struct ast_channel *chan, int dropaudio) ast_frame_dump(chan->name, f, "<<"); chan->fin = FRAMECOUNT_INC(chan->fin); + if (f && f->datalen == 0 && f->data) { + /* fix invalid pointer */ + f->data = NULL; +#ifdef AST_DEVMODE + ast_log(LOG_ERROR, "Found frame with src '%s' with datalen zero, but non-null data pointer!\n", f->src); + ast_frame_dump(chan->name, f, "<<"); +#else + ast_debug(3, "Found frame with src '%s' on channel '%s' with datalen zero, but non-null data pointer!\n", f->src, chan->name); +#endif + } + done: ast_channel_unlock(chan); return f;
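Review bot: In the `#else` branch of the new `if (f && f->datalen == 0 && f->data)` block, the only trace of the bad frame is `ast_debug(3, ...)`, so a build without AST_DEVMODE clears `f->data` and records nothing at normal log levels, while the commit message says the source of these frames is still unknown. Consider logging at warning level there (rate-limited if volume is a concern) so that `f->src` is captured on non-development builds too. The check is also placed after the existing `ast_frame_dump(chan->name, f, "<<")` call, so that dump still runs on the frame before the pointer is cleared; moving the check above it would make the frame consistent before anything else in this path touches it. The `/* fix invalid pointer */` comment should state that the pointer is being discarded rather than validated, and reference issue #16058. For consistency, the AST_DEVMODE message could include `chan->name` the way the debug message does.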