fix a problem where the frame's data pointer is overwritten by the newly

allocated data buffer before the data can be copied from it. This is in the ast_frisolate() function which is rarely used. (issue #6732, stefankroon) git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@25164 65c4cc65-6c06-0410-ace0-fbb531ad65f3
19 years ago · 1bea4082a2
parent cb263ed3ea
commit 1bea4082a2
1 changed files with 12 additions and 8 deletions
--- a/frame.c
+++ b/frame.c
@ -304,37 +304,41 @@ void ast_frfree(struct ast_frame *fr)
 struct ast_frame *ast_frisolate(struct ast_frame *fr)
 {
 	struct ast_frame *out;
+	void *newdata;
+	
 	if (!(fr->mallocd & AST_MALLOCD_HDR)) {
 		/* Allocate a new header if needed */
-		if (!(out = ast_frame_header_new())) {
+		if (!(out = ast_frame_header_new()))
 			return NULL;
-		}
 		out->frametype = fr->frametype;
 		out->subclass = fr->subclass;
 		out->datalen = fr->datalen;
 		out->samples = fr->samples;
 		out->offset = fr->offset;
-		out->src = NULL;
 		out->data = fr->data;
-	} else {
+	} else
 		out = fr;
-	}
+	
 	if (!(fr->mallocd & AST_MALLOCD_SRC)) {
 		if (fr->src)
 			out->src = strdup(fr->src);
 	} else
 		out->src = fr->src;
+	
 	if (!(fr->mallocd & AST_MALLOCD_DATA))  {
-		if (!(out->data = ast_malloc(fr->datalen + AST_FRIENDLY_OFFSET))) {
+		if (!(newdata = ast_malloc(fr->datalen + AST_FRIENDLY_OFFSET))) {
 			free(out);
 			return NULL;
 		}
-		out->data += AST_FRIENDLY_OFFSET;
+		newdata += AST_FRIENDLY_OFFSET;
 		out->offset = AST_FRIENDLY_OFFSET;
 		out->datalen = fr->datalen;
-		memcpy(out->data, fr->data, fr->datalen);
+		memcpy(newdata, fr->data, fr->datalen);
+		out->data = newdata;
 	}
+
 	out->mallocd = AST_MALLOCD_HDR | AST_MALLOCD_SRC | AST_MALLOCD_DATA;
+	
 	return out;
 }