From 2d676c756002a82c3e6babf4594c2977a2a5836e Mon Sep 17 00:00:00 2001
From: jiangxc <jiangxc08@qq.com>
Date: Wed, 17 Jul 2024 17:02:33 +0800
Subject: [PATCH] res_agi.c: Prevent possible double free during `SPEECH
 RECOGNIZE`

When using the speech recognition module, crashes can occur
sporadically due to a "double free or corruption (out)" error. Now, in
the section where the audio stream is being captured in a loop, each
time after releasing fr, it is set to NULL to prevent repeated
deallocation.

Fixes #772
---
 res/res_agi.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/res/res_agi.c b/res/res_agi.c
index 7d41a7e30f..f09329bb6f 100644
--- a/res/res_agi.c
+++ b/res/res_agi.c
@@ -3650,8 +3650,10 @@ static int handle_speechrecognize(struct ast_channel *chan, AGI *agi, int argc,
 			time(&current);
 			if ((current - start) >= timeout) {
 				reason = "timeout";
-				if (fr)
+				if (fr) {
 					ast_frfree(fr);
+					fr = NULL;
+				}
 				break;
 			}
 		}
@@ -3708,6 +3710,7 @@ static int handle_speechrecognize(struct ast_channel *chan, AGI *agi, int argc,
 				reason = "hangup";
 			}
 			ast_frfree(fr);
+			fr = NULL;
 		}
 	}
 
-- 
2.47.2