Error in 'capidev_acquire_locks_from_thread_context' for Asterisk >= 1.8: ast_channel_unlock was called after ast_channel_unref. If ast_channel_unref released the channel memory, this resulted in access to an already freed memory area.
parent
dcbb83ac1f
commit
9fdc04e405
|
@ -5729,10 +5729,11 @@ static struct ast_channel* capidev_acquire_locks_from_thread_context(struct capi
|
|||
cc_mutex_lock(&i->lock);
|
||||
owner = i->owner;
|
||||
if (likely(owner != 0)) {
|
||||
struct ast_channel *ref_owner = owner;
|
||||
|
||||
ast_channel_ref (owner);
|
||||
cc_mutex_unlock(&i->lock);
|
||||
ast_channel_lock(owner);
|
||||
ast_channel_unref (owner);
|
||||
cc_mutex_lock(&i->lock);
|
||||
if (unlikely(i->owner == 0)) {
|
||||
cc_mutex_unlock (&i->lock);
|
||||
|
@ -5740,6 +5741,7 @@ static struct ast_channel* capidev_acquire_locks_from_thread_context(struct capi
|
|||
cc_mutex_lock (&i->lock);
|
||||
owner = 0;
|
||||
}
|
||||
ast_channel_unref (ref_owner);
|
||||
}
|
||||
#else
|
||||
for (;;) {
|
||||
|
|
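Review bot: The re-check after re-taking i->lock, `if (unlikely(i->owner == 0))`, only catches the owner being cleared while i->lock was dropped around `ast_channel_lock(owner)`. If i->owner can be replaced by a different channel in that window (not visible from these hunks), the function would hand back a locked channel that no longer belongs to the interface; comparing against the pointer read earlier, `if (unlikely(i->owner != owner))`, would cover both cases. The ordering this commit fixes is easy to undo in a later edit, so the final `ast_channel_unref (ref_owner);` deserves a comment such as `/* must stay after the unlock in the branch above: this unref may free the channel */`. One line between the two hunks is not shown, and the function body starts and ends outside them.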