sysmocom
/
asterisk
11
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

core/frame: Fix ast_frdup() and ast_frisolate() for empty text frames 

If a channel creates an AST_TEXT_FRAME with datalen == 0, the ast_frdup()
and ast_frisolate() functions could create a clone frame with an invalid
data.ptr which would cause a crash.  The proposed fix is to make sure that
for such empty text frames, ast_frdup() and ast_frisolate() return cloned
text frames with a valid data.ptr.

ASTERISK-28076
Reported by: Emmanuel BUU
Tested by: Emmanuel BUU

Change-Id: Ib882dd028598f13c4c233edbfdd7e54ad44a68e9
This commit is contained in:
neutrino88 2018-09-25 17:19:36 -04:00 committed by Richard Mudgett
parent b351b903b9
commit 406c5bef0a
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
main/frame.c
View File

@ -259,7 +259,7 @@ struct ast_frame *ast_frisolate(struct ast_frame *fr)
if (!(fr->mallocd & AST_MALLOCD_DATA)) {
/* The original frame has a non-malloced data buffer. */
if (!fr->datalen) {
if (!fr->datalen && fr->frametype != AST_FRAME_TEXT) {
/* Actually it's just an int so we can simply copy it. */
out->data.uint32 = fr->data.uint32;
return out;
@ -356,7 +356,8 @@ struct ast_frame *ast_frdup(const struct ast_frame *f)
*/
out->mallocd = AST_MALLOCD_HDR;
out->offset = AST_FRIENDLY_OFFSET;
if (out->datalen) {
/* Make sure that empty text frames have a valid data.ptr */
if (out->datalen || f->frametype == AST_FRAME_TEXT) {
out->data.ptr = buf + sizeof(*out) + AST_FRIENDLY_OFFSET;
memcpy(out->data.ptr, f->data.ptr, out->datalen);
} else {