Error in 'capidev_acquire_locks_from_thread_context' for asterisk >= 1.8. ast_channel_unlock was called after ast_channel_unref. If ast_channel_unref released the channel memory, this resulted in access to an already freed memory area.

master
MelwareDE 11 years ago
parent dcbb83ac1f
commit 9fdc04e405
  1. 4
      chan_capi.c

@ -5729,10 +5729,11 @@ static struct ast_channel* capidev_acquire_locks_from_thread_context(struct capi
cc_mutex_lock(&i->lock);
owner = i->owner;
if (likely(owner != 0)) {
struct ast_channel *ref_owner = owner;
ast_channel_ref (owner);
cc_mutex_unlock(&i->lock);
ast_channel_lock(owner);
ast_channel_unref (owner);
cc_mutex_lock(&i->lock);
if (unlikely(i->owner == 0)) {
cc_mutex_unlock (&i->lock);
@ -5740,6 +5741,7 @@ static struct ast_channel* capidev_acquire_locks_from_thread_context(struct capi
cc_mutex_lock (&i->lock);
owner = 0;
}
ast_channel_unref (ref_owner);
}
#else
for (;;) {
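Review bot: The `ast_channel_unref (owner);` that directly follows `ast_channel_lock(owner);` in the first hunk needs checking, because this page has lost its +/- markers and the hunk counts (10 to 11 lines) read as if that line stays on the new side. If it does stay, the reference taken by `ast_channel_ref (owner);` is dropped twice, once there and once at the new `ast_channel_unref (ref_owner);`. The first drop would also still happen while the channel lock is held, so the freed-memory access named in the commit message would remain and a reference-count underflow would be added. The new side should keep only the final `ast_channel_unref (ref_owner);`, after the unlock the commit message refers to, with a short comment such as `/* drop the temporary reference only after the last access to the channel */`. The function begins before the first hunk and the `#else` branch continues past the second, so the return path cannot be checked from here.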
