diff options
author | alecdavis <alecdavis@f38db490-d61c-443f-a65b-d21fe96a405b> | 2010-03-19 08:05:06 +0000 |
---|---|---|
committer | alecdavis <alecdavis@f38db490-d61c-443f-a65b-d21fe96a405b> | 2010-03-19 08:05:06 +0000 |
commit | 4d518c5f566c2776b2707a7c7d0e63ff26152ae8 (patch) | |
tree | 3da8d600fe606e44df12c8e544bf288ea68f768b /main/astobj2.c | |
parent | 600a6c26eb350574737ed454724cc31eec026e0e (diff) |
Merged revisions 253490 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk
........
r253490 | alecdavis | 2010-03-19 20:37:00 +1300 (Fri, 19 Mar 2010) | 19 lines
prevent segfault if bad magic number is encountered.
internal_ao2_ref uses INTERNAL_OBJ which mzy report 'bad magic number', but
internal_ao2_ref continues on, causing segfault.
Although AO2_MAGIC number is checked by INTERNAL_OBJ before internal_ao2_ref is
called, A02_MAGIC is being destroyed (or a wrong pointer) by the time
internal_ao2_ref uses INTERNAL_OBJ.
internal_ao2_ref now returns -1 if INTERNAL_OBJ encouters a bad magic number.
(issue #17037)
Reported by: alecdavis
Patches:
bug17037.diff.txt uploaded by alecdavis (license 585)
Tested by: alecdavis
........
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.2@253492 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'main/astobj2.c')
-rw-r--r-- | main/astobj2.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/main/astobj2.c b/main/astobj2.c index 53f263946..cab3e06e2 100644 --- a/main/astobj2.c +++ b/main/astobj2.c @@ -262,6 +262,9 @@ static int __ao2_ref(void *user_data, const int delta) int current_value; int ret; + if (obj == NULL) + return -1; + /* if delta is 0, just return the refcount */ if (delta == 0) return (obj->priv_data.ref_counter); @@ -498,7 +501,7 @@ static struct bucket_list *__ao2_link(struct ao2_container *c, void *user_data, struct bucket_list *p; struct astobj2 *obj = INTERNAL_OBJ(user_data); - if (!obj) + if (obj == NULL) return NULL; if (INTERNAL_OBJ(c) == NULL) |