From be3800c49d4a47527175d377a430ff16b87d0bb1 Mon Sep 17 00:00:00 2001
From: Corey Farrell
Date: Wed, 20 Dec 2017 11:23:08 -0500
Subject: bridge: Old channel video source not set to NULL after unref.

The bridge holds onto the old channel video source after it's been released. This can lead to use after free errors.

ASTERISK-27229 #close

Change-Id: Ib2dab61677dd8a21f7ad53cdc9b8ca93297838b3
---
 main/bridge.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main/bridge.c b/main/bridge.c
index 5e065fb35..8284fd3af 100644
--- a/main/bridge.c
+++ b/main/bridge.c
@@ -3808,7 +3808,7 @@ void ast_bridge_update_talker_src_video_mode(struct ast_bridge *bridge, struct a
 data->average_talking_energy = talker_energy;
 } else if ((data->average_talking_energy < talker_energy) && is_keyframe) {
 if (data->chan_old_vsrc) {
- ast_channel_unref(data->chan_old_vsrc);
+ data->chan_old_vsrc = ast_channel_unref(data->chan_old_vsrc);
 }
 if (data->chan_vsrc) {
 data->chan_old_vsrc = data->chan_vsrc;
-- cgit v1.2.3
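Review bot: The new assignment on the `ast_channel_unref()` line clears the pointer only because that macro evaluates to NULL, and nothing at the call site says so. A short comment would stop a later cleanup from dropping the assignment again, e.g. `/* ast_channel_unref() yields NULL; clear the stale pointer in case chan_vsrc is NULL and nothing below overwrites it */`. Judging from the visible lines, the released pointer is only left in place when `data->chan_vsrc` is NULL, because the following branch otherwise overwrites `chan_old_vsrc`, so that is the path a regression test should cover. The body of ast_bridge_update_talker_src_video_mode starts and ends outside this hunk, so any other unref sites for `chan_vsrc` or `chan_old_vsrc` are not visible here and are worth checking for the same release-without-clear pattern.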