From: Jeff Peeler <jpeeler@digium.com>
Date: Tue, 26 Jan 2010 18:07:57 +0000 (+0000)
Subject: Fix crash resulting from frames with invalid data pointers.
X-Git-Tag: 11.0.0-beta1~3519
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1d293d0093d58aeae09a3525d9755fae9d42f181;p=thirdparty%2Fasterisk.git

Fix crash resulting from frames with invalid data pointers.

In ast_frdup the frame data union does not get set to point to malloced memory
if the datalen is zero, so make sure to handle the same case in ast_frisolate
appropriately.

(closes issue #16058)
Reported by: atis
Patches:
      bug16058-fix.patch uploaded by jpeeler (license 325)
Tested by: atis


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@243244 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/main/frame.c b/main/frame.c
index 1f1476c7c1..c90469bba1 100644
--- a/main/frame.c
+++ b/main/frame.c
@@ -435,6 +435,11 @@ struct ast_frame *ast_frisolate(struct ast_frame *fr)
 	}
 	
 	if (!(fr->mallocd & AST_MALLOCD_DATA))  {
+		if (!fr->datalen) {
+			out->data.uint32 = fr->data.uint32;
+			out->mallocd = AST_MALLOCD_HDR | AST_MALLOCD_SRC;
+			return out;
+		}
 		if (!(newdata = ast_malloc(fr->datalen + AST_FRIENDLY_OFFSET))) {
 			if (out->src != fr->src) {
 				ast_free((void *) out->src);