From: Corey Farrell Date: Thu, 6 Nov 2014 09:10:47 +0000 (+0000) Subject: Fix unintential memory retention in stringfields. X-Git-Tag: 11.15.0-rc1~3^2~25 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9f3480121bd61814aa54151a228cc82aa8e4f6c;p=thirdparty%2Fasterisk.git Fix unintential memory retention in stringfields. * Fix missing / unreachable calls to __ast_string_field_release_active. * Reset pool->used to zero when the current pool->active reaches zero. ASTERISK-24307 #close Reported by: Etienne Lessard Tested by: ibercom, Etienne Lessard Review: https://reviewboard.asterisk.org/r/4114/ ........ Merged revisions 427380 from http://svn.asterisk.org/svn/asterisk/branches/1.8 git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427381 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
diff --git a/include/asterisk/stringfields.h b/include/asterisk/stringfields.h
index b5fdf9c8ee..e507183e45 100644
--- a/include/asterisk/stringfields.h
+++ b/include/asterisk/stringfields.h
@@ -315,21 +315,23 @@ void __ast_string_field_release_active(struct ast_string_field_pool *pool_head,
 */
 #define ast_string_field_ptr_set(x, ptr, data) ast_string_field_ptr_set_by_fields((x)->__field_mgr_pool, (x)->__field_mgr, ptr, data)
-#define ast_string_field_ptr_set_by_fields(field_mgr_pool, field_mgr, ptr, data) do { \
- const char *__d__ = (data); \
- size_t __dlen__ = (__d__) ? strlen(__d__) + 1 : 1; \
- ast_string_field *__p__ = (ast_string_field *) (ptr); \
- if (__dlen__ == 1) { \
- __ast_string_field_release_active(field_mgr_pool, *__p__); \
- *__p__ = __ast_string_field_empty; \
- } else if ((__dlen__ <= AST_STRING_FIELD_ALLOCATION(*__p__)) || \
- (!__ast_string_field_ptr_grow(&field_mgr, &field_mgr_pool, __dlen__, __p__)) || \
- (*__p__ = __ast_string_field_alloc_space(&field_mgr, &field_mgr_pool, __dlen__))) { \
- if (*__p__ != (*ptr)) { \
- __ast_string_field_release_active(field_mgr_pool, (*ptr)); \
- } \
- memcpy(* (void **) __p__, __d__, __dlen__); \
- } \
+#define ast_string_field_ptr_set_by_fields(field_mgr_pool, field_mgr, ptr, data) do { \
+ const char *__d__ = (data); \
+ size_t __dlen__ = (__d__) ? strlen(__d__) + 1 : 1; \
+ ast_string_field *__p__ = (ast_string_field *) (ptr); \
+ ast_string_field target = *__p__; \
+ if (__dlen__ == 1) { \
+ __ast_string_field_release_active(field_mgr_pool, *__p__); \
+ *__p__ = __ast_string_field_empty; \
+ } else if ((__dlen__ <= AST_STRING_FIELD_ALLOCATION(*__p__)) || \
+ (!__ast_string_field_ptr_grow(&field_mgr, &field_mgr_pool, __dlen__, __p__)) || \
+ (target = __ast_string_field_alloc_space(&field_mgr, &field_mgr_pool, __dlen__))) { \
+ if (target != (*__p__)) { \
+ __ast_string_field_release_active(field_mgr_pool, *__p__); \
+ *__p__ = target; \
+ } \
+ memcpy(* (void **) __p__, __d__, __dlen__); \
+ } \
 } while (0)
 /*!
diff --git a/main/utils.c b/main/utils.c
index 2dd9c11fdf..cdb23fc78a 100644
--- a/main/utils.c
+++ b/main/utils.c
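Review bot: The new macro-local `target` does not follow the `__name__` convention used by the other temporaries in this macro (`__d__`, `__dlen__`, `__p__`), and it is declared before the `field_mgr_pool` and `field_mgr` arguments are expanded in the `else if` chain. A caller whose pool or manager expression mentions its own variable named `target` would have that name captured by the macro's local, which is at best a confusing compile error and at worst a release or allocation against the wrong object. Renaming it removes the collision: `ast_string_field __target__ = *__p__; \`, with the three later uses (`__target__ = __ast_string_field_alloc_space(...)`, `if (__target__ != (*__p__))`, `*__p__ = __target__;`) updated to match.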
@@ -1998,9 +1998,13 @@ void __ast_string_field_release_active(struct ast_string_field_pool *pool_head,
 for (pool = pool_head, prev = NULL; pool; prev = pool, pool = pool->prev) {
 if ((ptr >= pool->base) && (ptr <= (pool->base + pool->size))) {
 pool->active -= AST_STRING_FIELD_ALLOCATION(ptr);
- if ((pool->active == 0) && prev) {
- prev->prev = pool->prev;
- ast_free(pool);
+ if (pool->active == 0) {
+ if (prev) {
+ prev->prev = pool->prev;
+ ast_free(pool);
+ } else {
+ pool->used = 0;
+ }
 }
 break;
 }
@@ -2049,6 +2053,11 @@ void __ast_string_field_ptr_build_va(struct ast_string_field_mgr *mgr,
 /* Are we out of memory? */
 return;
 }
+ if (res == 0) {
+ __ast_string_field_release_active(*pool_head, *ptr);
+ *ptr = __ast_string_field_empty;
+ return;
+ }
 needed = (size_t)res + 1; /* NUL byte */
 if (needed > available) {
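Review bot: The new `else` branch rewinds `pool->used` on the head pool without a comment stating the invariant it relies on: `pool->active == 0` must mean that no live field still points into this pool, otherwise later allocations hand out bytes that another field is still reading. That holds only if every path that drops a field is accounted for here exactly once, which cannot be confirmed from this hunk. I would add a comment above the assignment, for example `/* Head pool is never freed; with no active fields left, its space can be reused from the start. */`. The function body starts and ends outside the hunk.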
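Review bot: The added `res == 0` early return has no comment, so a reader has to work out why an empty result is handled apart from the normal path. A one-line comment above the branch would settle it: `/* Empty result: release any current allocation and point at the shared empty string. */`. If a `va_copy` is still live at this point (the earlier lines of the function are not shown), this return also needs the matching `va_end` first. The enclosing function begins and ends outside the hunk.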