From: jiangxc <jiangxc08@qq.com>
Date: Wed, 17 Jul 2024 09:02:33 +0000 (+0800)
Subject: res_agi.c: Prevent possible double free during `SPEECH RECOGNIZE`
X-Git-Tag: 21.6.0-rc1~29
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7b95752410ba7e6f630b8c4bcac44bc62aeeb39;p=thirdparty%2Fasterisk.git

res_agi.c: Prevent possible double free during `SPEECH RECOGNIZE`

When using the speech recognition module, crashes can occur
sporadically due to a "double free or corruption (out)" error. Now, in
the section where the audio stream is being captured in a loop, each
time after releasing fr, it is set to NULL to prevent repeated
deallocation.

Fixes #772

(cherry picked from commit 2d676c756002a82c3e6babf4594c2977a2a5836e)
---

diff --git a/res/res_agi.c b/res/res_agi.c
index 7d41a7e30f..f09329bb6f 100644
--- a/res/res_agi.c
+++ b/res/res_agi.c
@@ -3650,8 +3650,10 @@ static int handle_speechrecognize(struct ast_channel *chan, AGI *agi, int argc,
 			time(&current);
 			if ((current - start) >= timeout) {
 				reason = "timeout";
-				if (fr)
+				if (fr) {
 					ast_frfree(fr);
+					fr = NULL;
+				}
 				break;
 			}
 		}
@@ -3708,6 +3710,7 @@ static int handle_speechrecognize(struct ast_channel *chan, AGI *agi, int argc,
 				reason = "hangup";
 			}
 			ast_frfree(fr);
+			fr = NULL;
 		}
 	}