summaryrefslogtreecommitdiff
path: root/channels/chan_agent.c
diff options
context:
space:
mode:
authorRichard Mudgett <rmudgett@digium.com>2012-05-31 18:39:30 +0000
committerRichard Mudgett <rmudgett@digium.com>2012-05-31 18:39:30 +0000
commitdd2427c1414d62cd7e3c867f17de9d6dbac844fe (patch)
tree5760fb673e236d0f58b094240de81ca9780cd135 /channels/chan_agent.c
parentfdb002a43a819542693815767a0ca9aba135f18c (diff)
Coverity Report: Fix issues for error type REVERSE_INULL (core modules)
* Fixes findings: 0-2,5,7-15,24-26,28-31 (issue ASTERISK-19648) Reported by: Matt Jordan ........ Merged revisions 368039 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 368042 from http://svn.asterisk.org/svn/asterisk/branches/10 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@368052 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'channels/chan_agent.c')
-rw-r--r--channels/chan_agent.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/channels/chan_agent.c b/channels/chan_agent.c
index 14447c754..29f49f82e 100644
--- a/channels/chan_agent.c
+++ b/channels/chan_agent.c
@@ -517,21 +517,27 @@ static struct agent_pvt *add_agent(const char *agent, int pending)
/*!
* Deletes an agent after doing some clean up.
* Further documentation: How safe is this function ? What state should the agent be to be cleaned.
+ *
+ * \warning XXX This function seems to be very unsafe.
+ * Potential for double free and use after free among other
+ * problems.
+ *
* \param p Agent to be deleted.
* \returns Always 0.
*/
static int agent_cleanup(struct agent_pvt *p)
{
- struct ast_channel *chan = NULL;
+ struct ast_channel *chan;
+
ast_mutex_lock(&p->lock);
chan = p->owner;
p->owner = NULL;
- ast_channel_tech_pvt_set(chan, NULL);
/* Release ownership of the agent to other threads (presumably running the login app). */
p->app_sleep_cond = 1;
p->app_lock_flag = 0;
ast_cond_signal(&p->app_complete_cond);
if (chan) {
+ ast_channel_tech_pvt_set(chan, NULL);
chan = ast_channel_release(chan);
}
if (p->dead) {
@@ -540,7 +546,9 @@ static int agent_cleanup(struct agent_pvt *p)
ast_cond_destroy(&p->app_complete_cond);
ast_cond_destroy(&p->login_wait_cond);
ast_free(p);
- }
+ } else {
+ ast_mutex_unlock(&p->lock);
+ }
return 0;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-21 16:05:21 +0000