Commit a fix for some memory access errors pointed out by the valgrind2.txt

output on issue #11698.

The issue here is that it is possible for an instance of a translator to get
destroyed while the frame allocated as a part of the translator is still being
processed.  Specifically, this is possible anywhere between a call to ast_read()
and ast_frame_free(), which is _a lot_ of places in the code.  The reason this
happens is that the channel might get masqueraded during this time.  During a
masquerade, existing translation paths get destroyed.

So, this patch fixes the issue in an API and ABI compatible way.  (This one is
 for you, paravoid!)

It changes an int in ast_frame to be used as flag bits.  The 1 bit is still used
to indicate that the frame contains timing information.  Also, a second flag has
been added to indicate that the frame came from a translator.  When a frame with
this flag gets released and has this flag, a function is called in translate.c to
let it know that this frame is doing being processed.  At this point, the flag gets
cleared.  Also, if the translator was requested to be destroyed while its internal
frame still had this flag set, its destruction has been deffered until it finds out
that the frame is no longer being processed.

Admittedly, this feels like a hack.  But, it does fix the issue, and I was not able 
to think of a better solution ...


git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@98943 f38db490-d61c-443f-a65b-d21fe96a405b

1 files changed, 10 insertions, 4 deletions

diff --git a/main/frame.c b/main/frame.c
index d6400a9af..88f6b4e76 100644
--- a/main/frame.c
+++ b/main/frame.c
@@ -43,6 +43,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 #include "asterisk/utils.h"
 #include "asterisk/threadstorage.h"
 #include "asterisk/linkedlists.h"
+#include "asterisk/translate.h"
 
 #ifdef TRACE_FRAMES
 static int headers;
@@ -368,6 +369,9 @@ void ast_frame_free(struct ast_frame *fr, int cache)
 #endif			
 		free(fr);
 	}
+
+	if (ast_test_flag(fr, AST_FRFLAG_FROM_TRANSLATOR))
+		ast_translate_frame_freed(fr);
 }
 
 /*!
@@ -379,7 +383,9 @@ struct ast_frame *ast_frisolate(struct ast_frame *fr)
 {
 	struct ast_frame *out;
 	void *newdata;
-	
+
+	ast_clear_flag(fr, AST_FRFLAG_FROM_TRANSLATOR);
+
 	if (!(fr->mallocd & AST_MALLOCD_HDR)) {
 		/* Allocate a new header if needed */
 		if (!(out = ast_frame_header_new()))
@@ -391,8 +397,8 @@ struct ast_frame *ast_frisolate(struct ast_frame *fr)
 		out->offset = fr->offset;
 		out->data = fr->data;
 		/* Copy the timing data */
-		out->has_timing_info = fr->has_timing_info;
-		if (fr->has_timing_info) {
+		ast_copy_flags(out, fr, AST_FRFLAG_HAS_TIMING_INFO);
+		if (ast_test_flag(fr, AST_FRFLAG_HAS_TIMING_INFO)) {
 			out->ts = fr->ts;
 			out->len = fr->len;
 			out->seqno = fr->seqno;
@@ -495,7 +501,7 @@ struct ast_frame *ast_frdup(const struct ast_frame *f)
 		/* Must have space since we allocated for it */
 		strcpy((char *)out->src, f->src);
 	}
-	out->has_timing_info = f->has_timing_info;
+	ast_copy_flags(out, f, AST_FRFLAG_HAS_TIMING_INFO);
 	out->ts = f->ts;
 	out->len = f->len;
 	out->seqno = f->seqno;