From aaa3884d4a9859cecc71866e992b490fc28951bb Mon Sep 17 00:00:00 2001 From: Corey Farrell Date: Wed, 20 Dec 2017 11:23:08 -0500 Subject: bridge: Old channel video source not set to NULL after unref. The bridge holds onto the old channel video source after it's been released. This can lead to use after free errors. ASTERISK-27229 #close Change-Id: Ib2dab61677dd8a21f7ad53cdc9b8ca93297838b3
---
 main/bridge.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'main/bridge.c')
diff --git a/main/bridge.c b/main/bridge.c
index 7a937ea59..88d9e5487 100644
--- a/main/bridge.c
+++ b/main/bridge.c
@@ -3848,7 +3848,7 @@ void ast_bridge_update_talker_src_video_mode(struct ast_bridge *bridge, struct a
 data->average_talking_energy = talker_energy;
 } else if ((data->average_talking_energy < talker_energy) && is_keyframe) {
 if (data->chan_old_vsrc) {
- ast_channel_unref(data->chan_old_vsrc);
+ data->chan_old_vsrc = ast_channel_unref(data->chan_old_vsrc);
 }
 if (data->chan_vsrc) {
 data->chan_old_vsrc = data->chan_vsrc;
-- cgit v1.2.3
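Review bot: The new assignment on the `+` line clears the pointer only because `ast_channel_unref()` evaluates to NULL, and nothing at the call site says so. A one-line comment such as `/* ast_channel_unref() evaluates to NULL: drop the ref and clear the stale pointer together */` would keep a later cleanup from reverting it to the bare call. From the visible lines, the stale pointer survived only when `data->chan_vsrc` was NULL, because the following branch otherwise overwrites `chan_old_vsrc`; that is the case a regression test should cover. The function starts and ends outside the hunk, so other release sites for `chan_vsrc` and `chan_old_vsrc` are not visible here and may deserve the same check.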