diff options
| author | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2010-07-13 16:51:18 +0000 |
|---|---|---|
| committer | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2010-07-13 16:51:18 +0000 |
| commit | 21e79935aa5e64a1d57545aa6e6f0b23d8bcec6c (patch) | |
| tree | b4344d2178148c008c44f0ccd7b48bca1d653a1e /res | |
| parent | 293230dcdfe4aabc7420f3603c023e75c5596825 (diff) | |
Access peer->cdr directly instead of through a saved off reference.
At this point in the code, it is possible that peer_cdr may be invalid.
Specifically, in the blind transfer code, CDRs are swapped between channels.
So, peer_cdr is no longer == peer->cdr.
The scenario that exposed a crash in this code was a blind transfer that hit
the system call limit, causing the transferee channel to get destroyed after
the transfer attempt failed. Even if it succeeds and this code doesn't crash,
this code was still trying to reset a CDR on a channel that was now owned by
a different thread, which is a BadThing(tm).
(ABE-2417)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@275994 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'res')
| -rw-r--r-- | res/res_features.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/res/res_features.c b/res/res_features.c index 8690d3ab5..4ebc83c8c 100644 --- a/res/res_features.c +++ b/res/res_features.c @@ -2195,7 +2195,7 @@ int ast_bridge_call(struct ast_channel *chan,struct ast_channel *peer,struct ast /* new channel */ ast_cdr_specialized_reset(new_peer_cdr,0); } else { - ast_cdr_specialized_reset(peer_cdr,0); /* nothing changed, reset the peer_cdr */ + ast_cdr_specialized_reset(peer->cdr, 0); /* nothing changed, reset the peer cdr */ } } |