Fix unintential memory retention in stringfields.

* Fix missing / unreachable calls to __ast_string_field_release_active. * Reset pool->used to zero when the current pool->active reaches zero. ASTERISK-24307 #close Reported by: Etienne Lessard Tested by: ibercom, Etienne Lessard Review: https://reviewboard.asterisk.org/r/4114/ ........ Merged revisions 427380 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 427381 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 427382 from http://svn.asterisk.org/svn/asterisk/branches/12 ........ Merged revisions 427384 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@427388 65c4cc65-6c06-0410-ace0-fbb531ad65f3
11 years ago · 7e2369310c
parent 362dde2229
commit 7e2369310c
2 changed files with 34 additions and 23 deletions
--- a/include/asterisk/stringfields.h
+++ b/include/asterisk/stringfields.h
@ -316,26 +316,28 @@ void __ast_string_field_release_active(struct ast_string_field_pool *pool_head,
 */
 #define ast_string_field_ptr_set(x, ptr, data) ast_string_field_ptr_set_by_fields((x)->__field_mgr_pool, (x)->__field_mgr, ptr, data)
-#define ast_string_field_ptr_set_by_fields(field_mgr_pool, field_mgr, ptr, data) \
+#define ast_string_field_ptr_set_by_fields(field_mgr_pool, field_mgr, ptr, data)               \
-({ \
+({                                                                                             \
-    int __res__ = 0; \
+    int __res__ = 0;                                                                           \
-    const char *__d__ = (data);                                         \
+    const char *__d__ = (data);                                                                \
-    size_t __dlen__ = (__d__) ? strlen(__d__) + 1 : 1;                              \
+    size_t __dlen__ = (__d__) ? strlen(__d__) + 1 : 1;                                         \
-    ast_string_field *__p__ = (ast_string_field *) (ptr);                               \
+    ast_string_field *__p__ = (ast_string_field *) (ptr);                                      \
-    if (__dlen__ == 1) {                                                \
+    ast_string_field target = *__p__;                                                          \
-        __ast_string_field_release_active(field_mgr_pool, *__p__);                  \
+    if (__dlen__ == 1) {                                                                       \
-        *__p__ = __ast_string_field_empty;                                  \
+        __ast_string_field_release_active(field_mgr_pool, *__p__);                             \
-    } else if ((__dlen__ <= AST_STRING_FIELD_ALLOCATION(*__p__)) ||                         \
+        *__p__ = __ast_string_field_empty;                                                     \
-           (!__ast_string_field_ptr_grow(&field_mgr, &field_mgr_pool, __dlen__, __p__)) ||   \
+    } else if ((__dlen__ <= AST_STRING_FIELD_ALLOCATION(*__p__)) ||                            \
-           (*__p__ = __ast_string_field_alloc_space(&field_mgr, &field_mgr_pool, __dlen__))) {   \
+           (!__ast_string_field_ptr_grow(&field_mgr, &field_mgr_pool, __dlen__, __p__)) ||     \
-        if (*__p__ != (*ptr)) {                                         \
+           (target = __ast_string_field_alloc_space(&field_mgr, &field_mgr_pool, __dlen__))) { \
-            __ast_string_field_release_active(field_mgr_pool, (*ptr));              \
+        if (target != *__p__) {                                                                \
-        }                                                   \
+            __ast_string_field_release_active(field_mgr_pool, *__p__);                         \
-        memcpy(* (void **) __p__, __d__, __dlen__);                             \
+            *__p__ = target;                                                                   \
-    } else { \
+        }                                                                                      \
-        __res__ = -1; \
+        memcpy(* (void **) __p__, __d__, __dlen__);                                            \
-    }                                                       \
+    } else {                                                                                   \
-    __res__; \
+        __res__ = -1;                                                                          \
    }                                                                                          \
    __res__;                                                                                   \
 })
 /*!
--- a/main/utils.c
+++ b/main/utils.c
@ -2099,9 +2099,13 @@ void __ast_string_field_release_active(struct ast_string_field_pool *pool_head,
 	for (pool = pool_head, prev = NULL; pool; prev = pool, pool = pool->prev) {
 		if ((ptr >= pool->base) && (ptr <= (pool->base + pool->size))) {
 			pool->active -= AST_STRING_FIELD_ALLOCATION(ptr);
-			if ((pool->active == 0) && prev) {
+			if (pool->active == 0) {
-				prev->prev = pool->prev;
+				if (prev) {
-				ast_free(pool);
+					prev->prev = pool->prev;
 					ast_free(pool);
 				} else {
 					pool->used = 0;
 				}
 			}
 			break;
 		}
@ -2150,6 +2154,11 @@ void __ast_string_field_ptr_build_va(struct ast_string_field_mgr *mgr,
 		/* Are we out of memory? */
 		return;
 	}
 	if (res == 0) {
 		__ast_string_field_release_active(*pool_head, *ptr);
 		*ptr = __ast_string_field_empty;
 		return;
 	}
 	needed = (size_t)res + 1; /* NUL byte */
 	if (needed > available) {