core/frame: Fix ast_frdup() and ast_frisolate() for empty text frames
If a channel creates an AST_TEXT_FRAME with datalen == 0, the ast_frdup() and ast_frisolate() functions could create a clone frame with an invalid data.ptr which would cause a crash. The proposed fix is to make sure that for such empty text frames, ast_frdup() and ast_frisolate() return cloned text frames with a valid data.ptr. ASTERISK-28076 Reported by: Emmanuel BUU Tested by: Emmanuel BUU Change-Id: Ib882dd028598f13c4c233edbfdd7e54ad44a68e9
parent
b351b903b9
commit
406c5bef0a
|
@ -259,7 +259,7 @@ struct ast_frame *ast_frisolate(struct ast_frame *fr)
|
|||
|
||||
if (!(fr->mallocd & AST_MALLOCD_DATA)) {
|
||||
/* The original frame has a non-malloced data buffer. */
|
||||
if (!fr->datalen) {
|
||||
if (!fr->datalen && fr->frametype != AST_FRAME_TEXT) {
|
||||
/* Actually it's just an int so we can simply copy it. */
|
||||
out->data.uint32 = fr->data.uint32;
|
||||
return out;
|
||||
|
@ -356,7 +356,8 @@ struct ast_frame *ast_frdup(const struct ast_frame *f)
|
|||
*/
|
||||
out->mallocd = AST_MALLOCD_HDR;
|
||||
out->offset = AST_FRIENDLY_OFFSET;
|
||||
if (out->datalen) {
|
||||
/* Make sure that empty text frames have a valid data.ptr */
|
||||
if (out->datalen || f->frametype == AST_FRAME_TEXT) {
|
||||
out->data.ptr = buf + sizeof(*out) + AST_FRIENDLY_OFFSET;
|
||||
memcpy(out->data.ptr, f->data.ptr, out->datalen);
|
||||
} else {
|
||||
|
|
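Review bot: In the ast_frdup() hunk, an empty text frame now gets `out->data.ptr = buf + sizeof(*out) + AST_FRIENDLY_OFFSET` with `out->datalen == 0`, so the pointer is non-NULL but no byte behind it belongs to the frame's data. Any consumer that reads text frame data as a NUL-terminated string would read whatever follows in the allocation, or past its end. The allocation size is computed outside the hunk, so it should be checked there; reserving one extra byte for text frames and storing a terminator, `((char *) out->data.ptr)[out->datalen] = '\0';`, would make the clone safe to read. The `memcpy(out->data.ptr, f->data.ptr, out->datalen)` is also still issued with a zero length from an `f->data.ptr` that nothing visible here checks, which is undefined if that pointer is NULL or invalid; guarding it with `if (out->datalen)` avoids that. The ast_frisolate() change sends empty text frames on to the copy path below its hunk, which presumably needs the same two checks; both function bodies extend outside the hunks shown.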