From 1bea4082a247656dc4a78024a5debd91d4f333ac Mon Sep 17 00:00:00 2001
From: Russell Bryant
Date: Sat, 6 May 2006 02:31:22 +0000
Subject: [PATCH] fix a problem where the frame's data pointer is overwritten by the newly allocated data buffer before the data can be copied from it. This is in the ast_frisolate() function which is rarely used. (issue #6732, stefankroon)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@25164 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 frame.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/frame.c b/frame.c
index e190618f6b..9006d5f7cc 100644
--- a/frame.c
+++ b/frame.c
@@ -304,37 +304,41 @@ void ast_frfree(struct ast_frame *fr)
 struct ast_frame *ast_frisolate(struct ast_frame *fr)
 {
 struct ast_frame *out;
+ void *newdata;
+
 if (!(fr->mallocd & AST_MALLOCD_HDR)) {
 /* Allocate a new header if needed */
- if (!(out = ast_frame_header_new())) {
+ if (!(out = ast_frame_header_new()))
 return NULL;
- }
 out->frametype = fr->frametype;
 out->subclass = fr->subclass;
 out->datalen = fr->datalen;
 out->samples = fr->samples;
 out->offset = fr->offset;
- out->src = NULL;
 out->data = fr->data;
- } else {
+ } else
 out = fr;
- }
+
 if (!(fr->mallocd & AST_MALLOCD_SRC)) {
 if (fr->src)
 out->src = strdup(fr->src);
 } else
 out->src = fr->src;
+
 if (!(fr->mallocd & AST_MALLOCD_DATA)) {
- if (!(out->data = ast_malloc(fr->datalen + AST_FRIENDLY_OFFSET))) {
+ if (!(newdata = ast_malloc(fr->datalen + AST_FRIENDLY_OFFSET))) {
 free(out);
 return NULL;
 }
- out->data += AST_FRIENDLY_OFFSET;
+ newdata += AST_FRIENDLY_OFFSET;
 out->offset = AST_FRIENDLY_OFFSET;
 out->datalen = fr->datalen;
- memcpy(out->data, fr->data, fr->datalen);
+ memcpy(newdata, fr->data, fr->datalen);
+ out->data = newdata;
 }
+
 out->mallocd = AST_MALLOCD_HDR | AST_MALLOCD_SRC | AST_MALLOCD_DATA;
+
 return out;
 }
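Review bot: The allocation-failure path in the `AST_MALLOCD_DATA` branch still calls `free(out)` unconditionally, but when the header was already malloc'd the `else` branch sets `out = fr`, so this frees the caller's own frame and returns NULL while the caller still holds `fr`, which invites a use-after-free or double free. Guard it with `if (out != fr) free(out);`, and on the same path release the `strdup()` copy of `src` when it differs from `fr->src`, since it is otherwise leaked. Separately, with `out->src = NULL;` removed, a newly allocated header whose source frame has `fr->src == NULL` keeps whatever `ast_frame_header_new()` put in `out->src`; that is only safe if the helper zero-fills the header, which is not visible in this hunk, so confirm it or keep the assignment. The `strdup()` result is also never checked, so an allocation failure there silently yields a frame marked `AST_MALLOCD_SRC` with a NULL `src`.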