From 16d7e8fe066d6272f5341c6f556cce1a9b7def4f Mon Sep 17 00:00:00 2001
From: jpeeler <jpeeler@f38db490-d61c-443f-a65b-d21fe96a405b>
Date: Tue, 26 Jan 2010 18:16:19 +0000
Subject: Merged revisions 243244 via svnmerge from
 https://origsvn.digium.com/svn/asterisk/trunk

........
  r243244 | jpeeler | 2010-01-26 12:07:57 -0600 (Tue, 26 Jan 2010) | 12 lines

  Fix crash resulting from frames with invalid data pointers.

  In ast_frdup the frame data union does not get set to point to malloced memory
  if the datalen is zero, so make sure to handle the same case in ast_frisolate
  appropriately.

  (closes issue #16058)
  Reported by: atis
  Patches:
        bug16058-fix.patch uploaded by jpeeler (license 325)
  Tested by: atis
........


git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.2@243247 f38db490-d61c-443f-a65b-d21fe96a405b
---
 main/frame.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'main')

diff --git a/main/frame.c b/main/frame.c
index 338cf0388..cb78800fe 100644
--- a/main/frame.c
+++ b/main/frame.c
@@ -441,6 +441,11 @@ struct ast_frame *ast_frisolate(struct ast_frame *fr)
 	}
 	
 	if (!(fr->mallocd & AST_MALLOCD_DATA))  {
+		if (!fr->datalen) {
+			out->data.uint32 = fr->data.uint32;
+			out->mallocd = AST_MALLOCD_HDR | AST_MALLOCD_SRC;
+			return out;
+		}
 		if (!(newdata = ast_malloc(fr->datalen + AST_FRIENDLY_OFFSET))) {
 			if (out->src != fr->src) {
 				ast_free((void *) out->src);
-- 
cgit v1.2.3