From 1bea4082a247656dc4a78024a5debd91d4f333ac Mon Sep 17 00:00:00 2001
From: Russell Bryant <russell@russellbryant.com>
Date: Sat, 6 May 2006 02:31:22 +0000
Subject: [PATCH] fix a problem where the frame's data pointer is overwritten
 by the newly allocated data buffer before the data can be copied from it. 
 This is in the ast_frisolate() function which is rarely used.  (issue #6732,
 stefankroon)

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@25164 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 frame.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/frame.c b/frame.c
index e190618f6b..9006d5f7cc 100644
--- a/frame.c
+++ b/frame.c
@@ -304,37 +304,41 @@ void ast_frfree(struct ast_frame *fr)
 struct ast_frame *ast_frisolate(struct ast_frame *fr)
 {
 	struct ast_frame *out;
+	void *newdata;
+	
 	if (!(fr->mallocd & AST_MALLOCD_HDR)) {
 		/* Allocate a new header if needed */
-		if (!(out = ast_frame_header_new())) {
+		if (!(out = ast_frame_header_new()))
 			return NULL;
-		}
 		out->frametype = fr->frametype;
 		out->subclass = fr->subclass;
 		out->datalen = fr->datalen;
 		out->samples = fr->samples;
 		out->offset = fr->offset;
-		out->src = NULL;
 		out->data = fr->data;
-	} else {
+	} else
 		out = fr;
-	}
+	
 	if (!(fr->mallocd & AST_MALLOCD_SRC)) {
 		if (fr->src)
 			out->src = strdup(fr->src);
 	} else
 		out->src = fr->src;
+	
 	if (!(fr->mallocd & AST_MALLOCD_DATA))  {
-		if (!(out->data = ast_malloc(fr->datalen + AST_FRIENDLY_OFFSET))) {
+		if (!(newdata = ast_malloc(fr->datalen + AST_FRIENDLY_OFFSET))) {
 			free(out);
 			return NULL;
 		}
-		out->data += AST_FRIENDLY_OFFSET;
+		newdata += AST_FRIENDLY_OFFSET;
 		out->offset = AST_FRIENDLY_OFFSET;
 		out->datalen = fr->datalen;
-		memcpy(out->data, fr->data, fr->datalen);
+		memcpy(newdata, fr->data, fr->datalen);
+		out->data = newdata;
 	}
+
 	out->mallocd = AST_MALLOCD_HDR | AST_MALLOCD_SRC | AST_MALLOCD_DATA;
+	
 	return out;
 }