Fix unintential memory retention in stringfields.

* Fix missing / unreachable calls to __ast_string_field_release_active.
* Reset pool->used to zero when the current pool->active reaches zero.

ASTERISK-24307 #close
Reported by: Etienne Lessard
Tested by: ibercom, Etienne Lessard
Review: https://reviewboard.asterisk.org/r/4114/
........

Merged revisions 427380 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 427381 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 427382 from http://svn.asterisk.org/svn/asterisk/branches/12
........

Merged revisions 427384 from http://svn.asterisk.org/svn/asterisk/branches/13


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@427388 65c4cc65-6c06-0410-ace0-fbb531ad65f3

2 files changed, 34 insertions, 23 deletions

diff --git a/include/asterisk/stringfields.h b/include/asterisk/stringfields.h
index 9f4a1ae69..dc70960dc 100644
--- a/include/asterisk/stringfields.h
+++ b/include/asterisk/stringfields.h
@@ -316,26 +316,28 @@ void __ast_string_field_release_active(struct ast_string_field_pool *pool_head,
 */
 #define ast_string_field_ptr_set(x, ptr, data) ast_string_field_ptr_set_by_fields((x)->__field_mgr_pool, (x)->__field_mgr, ptr, data)
 
-#define ast_string_field_ptr_set_by_fields(field_mgr_pool, field_mgr, ptr, data) \
-({ \
-    int __res__ = 0; \
-    const char *__d__ = (data);                                         \
-    size_t __dlen__ = (__d__) ? strlen(__d__) + 1 : 1;                              \
-    ast_string_field *__p__ = (ast_string_field *) (ptr);                               \
-    if (__dlen__ == 1) {                                                \
-        __ast_string_field_release_active(field_mgr_pool, *__p__);                  \
-        *__p__ = __ast_string_field_empty;                                  \
-    } else if ((__dlen__ <= AST_STRING_FIELD_ALLOCATION(*__p__)) ||                         \
-           (!__ast_string_field_ptr_grow(&field_mgr, &field_mgr_pool, __dlen__, __p__)) ||   \
-           (*__p__ = __ast_string_field_alloc_space(&field_mgr, &field_mgr_pool, __dlen__))) {   \
-        if (*__p__ != (*ptr)) {                                         \
-            __ast_string_field_release_active(field_mgr_pool, (*ptr));              \
-        }                                                   \
-        memcpy(* (void **) __p__, __d__, __dlen__);                             \
-    } else { \
-        __res__ = -1; \
-    }                                                       \
-    __res__; \
+#define ast_string_field_ptr_set_by_fields(field_mgr_pool, field_mgr, ptr, data)               \
+({                                                                                             \
+    int __res__ = 0;                                                                           \
+    const char *__d__ = (data);                                                                \
+    size_t __dlen__ = (__d__) ? strlen(__d__) + 1 : 1;                                         \
+    ast_string_field *__p__ = (ast_string_field *) (ptr);                                      \
+    ast_string_field target = *__p__;                                                          \
+    if (__dlen__ == 1) {                                                                       \
+        __ast_string_field_release_active(field_mgr_pool, *__p__);                             \
+        *__p__ = __ast_string_field_empty;                                                     \
+    } else if ((__dlen__ <= AST_STRING_FIELD_ALLOCATION(*__p__)) ||                            \
+           (!__ast_string_field_ptr_grow(&field_mgr, &field_mgr_pool, __dlen__, __p__)) ||     \
+           (target = __ast_string_field_alloc_space(&field_mgr, &field_mgr_pool, __dlen__))) { \
+        if (target != *__p__) {                                                                \
+            __ast_string_field_release_active(field_mgr_pool, *__p__);                         \
+            *__p__ = target;                                                                   \
+        }                                                                                      \
+        memcpy(* (void **) __p__, __d__, __dlen__);                                            \
+    } else {                                                                                   \
+        __res__ = -1;                                                                          \
+    }                                                                                          \
+    __res__;                                                                                   \
 })
 
 /*!
diff --git a/main/utils.c b/main/utils.c
index 3a095ca7b..e3bb36e03 100644
--- a/main/utils.c
+++ b/main/utils.c
@@ -2099,9 +2099,13 @@ void __ast_string_field_release_active(struct ast_string_field_pool *pool_head,
 	for (pool = pool_head, prev = NULL; pool; prev = pool, pool = pool->prev) {
 		if ((ptr >= pool->base) && (ptr <= (pool->base + pool->size))) {
 			pool->active -= AST_STRING_FIELD_ALLOCATION(ptr);
-			if ((pool->active == 0) && prev) {
-				prev->prev = pool->prev;
-				ast_free(pool);
+			if (pool->active == 0) {
+				if (prev) {
+					prev->prev = pool->prev;
+					ast_free(pool);
+				} else {
+					pool->used = 0;
+				}
 			}
 			break;
 		}
@@ -2150,6 +2154,11 @@ void __ast_string_field_ptr_build_va(struct ast_string_field_mgr *mgr,
 		/* Are we out of memory? */
 		return;
 	}
+	if (res == 0) {
+		__ast_string_field_release_active(*pool_head, *ptr);
+		*ptr = __ast_string_field_empty;
+		return;
+	}
 	needed = (size_t)res + 1; /* NUL byte */
 
 	if (needed > available) {