diff options
author | Corey Farrell <git@cfware.com> | 2014-11-06 09:18:48 +0000 |
---|---|---|
committer | Corey Farrell <git@cfware.com> | 2014-11-06 09:18:48 +0000 |
commit | 7e2369310c974975a0cce7286fdb8d37e4d06490 (patch) | |
tree | f590a506b3b1542baeab291105345a62fa4b743c | |
parent | 362dde22293c966594a30d4386212dc12dc690f3 (diff) |
Fix unintential memory retention in stringfields.
* Fix missing / unreachable calls to __ast_string_field_release_active.
* Reset pool->used to zero when the current pool->active reaches zero.
ASTERISK-24307 #close
Reported by: Etienne Lessard
Tested by: ibercom, Etienne Lessard
Review: https://reviewboard.asterisk.org/r/4114/
........
Merged revisions 427380 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 427381 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 427382 from http://svn.asterisk.org/svn/asterisk/branches/12
........
Merged revisions 427384 from http://svn.asterisk.org/svn/asterisk/branches/13
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@427388 65c4cc65-6c06-0410-ace0-fbb531ad65f3
-rw-r--r-- | include/asterisk/stringfields.h | 42 | ||||
-rw-r--r-- | main/utils.c | 15 |
2 files changed, 34 insertions, 23 deletions
diff --git a/include/asterisk/stringfields.h b/include/asterisk/stringfields.h index 9f4a1ae69..dc70960dc 100644 --- a/include/asterisk/stringfields.h +++ b/include/asterisk/stringfields.h @@ -316,26 +316,28 @@ void __ast_string_field_release_active(struct ast_string_field_pool *pool_head, */ #define ast_string_field_ptr_set(x, ptr, data) ast_string_field_ptr_set_by_fields((x)->__field_mgr_pool, (x)->__field_mgr, ptr, data) -#define ast_string_field_ptr_set_by_fields(field_mgr_pool, field_mgr, ptr, data) \ -({ \ - int __res__ = 0; \ - const char *__d__ = (data); \ - size_t __dlen__ = (__d__) ? strlen(__d__) + 1 : 1; \ - ast_string_field *__p__ = (ast_string_field *) (ptr); \ - if (__dlen__ == 1) { \ - __ast_string_field_release_active(field_mgr_pool, *__p__); \ - *__p__ = __ast_string_field_empty; \ - } else if ((__dlen__ <= AST_STRING_FIELD_ALLOCATION(*__p__)) || \ - (!__ast_string_field_ptr_grow(&field_mgr, &field_mgr_pool, __dlen__, __p__)) || \ - (*__p__ = __ast_string_field_alloc_space(&field_mgr, &field_mgr_pool, __dlen__))) { \ - if (*__p__ != (*ptr)) { \ - __ast_string_field_release_active(field_mgr_pool, (*ptr)); \ - } \ - memcpy(* (void **) __p__, __d__, __dlen__); \ - } else { \ - __res__ = -1; \ - } \ - __res__; \ +#define ast_string_field_ptr_set_by_fields(field_mgr_pool, field_mgr, ptr, data) \ +({ \ + int __res__ = 0; \ + const char *__d__ = (data); \ + size_t __dlen__ = (__d__) ? strlen(__d__) + 1 : 1; \ + ast_string_field *__p__ = (ast_string_field *) (ptr); \ + ast_string_field target = *__p__; \ + if (__dlen__ == 1) { \ + __ast_string_field_release_active(field_mgr_pool, *__p__); \ + *__p__ = __ast_string_field_empty; \ + } else if ((__dlen__ <= AST_STRING_FIELD_ALLOCATION(*__p__)) || \ + (!__ast_string_field_ptr_grow(&field_mgr, &field_mgr_pool, __dlen__, __p__)) || \ + (target = __ast_string_field_alloc_space(&field_mgr, &field_mgr_pool, __dlen__))) { \ + if (target != *__p__) { \ + __ast_string_field_release_active(field_mgr_pool, *__p__); \ + *__p__ = target; \ + } \ + memcpy(* (void **) __p__, __d__, __dlen__); \ + } else { \ + __res__ = -1; \ + } \ + __res__; \ }) /*! diff --git a/main/utils.c b/main/utils.c index 3a095ca7b..e3bb36e03 100644 --- a/main/utils.c +++ b/main/utils.c @@ -2099,9 +2099,13 @@ void __ast_string_field_release_active(struct ast_string_field_pool *pool_head, for (pool = pool_head, prev = NULL; pool; prev = pool, pool = pool->prev) { if ((ptr >= pool->base) && (ptr <= (pool->base + pool->size))) { pool->active -= AST_STRING_FIELD_ALLOCATION(ptr); - if ((pool->active == 0) && prev) { - prev->prev = pool->prev; - ast_free(pool); + if (pool->active == 0) { + if (prev) { + prev->prev = pool->prev; + ast_free(pool); + } else { + pool->used = 0; + } } break; } @@ -2150,6 +2154,11 @@ void __ast_string_field_ptr_build_va(struct ast_string_field_mgr *mgr, /* Are we out of memory? */ return; } + if (res == 0) { + __ast_string_field_release_active(*pool_head, *ptr); + *ptr = __ast_string_field_empty; + return; + } needed = (size_t)res + 1; /* NUL byte */ if (needed > available) { |