Error in 'capidev_acquire_locks_from_thread_context' for asterisk >= 1.8. ast_channel_unlock was called after ast_channel_unref. In case ast_channel_unref released channel memory this resulted in access to already freed memory area
This commit is contained in:
parent
dcbb83ac1f
commit
9fdc04e405
|
@ -5729,10 +5729,11 @@ static struct ast_channel* capidev_acquire_locks_from_thread_context(struct capi
|
||||||
cc_mutex_lock(&i->lock);
|
cc_mutex_lock(&i->lock);
|
||||||
owner = i->owner;
|
owner = i->owner;
|
||||||
if (likely(owner != 0)) {
|
if (likely(owner != 0)) {
|
||||||
|
struct ast_channel *ref_owner = owner;
|
||||||
|
|
||||||
ast_channel_ref (owner);
|
ast_channel_ref (owner);
|
||||||
cc_mutex_unlock(&i->lock);
|
cc_mutex_unlock(&i->lock);
|
||||||
ast_channel_lock(owner);
|
ast_channel_lock(owner);
|
||||||
ast_channel_unref (owner);
|
|
||||||
cc_mutex_lock(&i->lock);
|
cc_mutex_lock(&i->lock);
|
||||||
if (unlikely(i->owner == 0)) {
|
if (unlikely(i->owner == 0)) {
|
||||||
cc_mutex_unlock (&i->lock);
|
cc_mutex_unlock (&i->lock);
|
||||||
|
@ -5740,6 +5741,7 @@ static struct ast_channel* capidev_acquire_locks_from_thread_context(struct capi
|
||||||
cc_mutex_lock (&i->lock);
|
cc_mutex_lock (&i->lock);
|
||||||
owner = 0;
|
owner = 0;
|
||||||
}
|
}
|
||||||
|
ast_channel_unref (ref_owner);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
for (;;) {
|
for (;;) {
|
||||||
|
|
Loading…
Reference in New Issue