From c0b3c923a46afc12837698a78a11b17a7fc384d8 Mon Sep 17 00:00:00 2001
From: Tilghman Lesher <tilghman@meg.abyt.es>
Date: Mon, 9 Nov 2009 07:37:52 +0000
Subject: [PATCH] Fix various problems detected with Valgrind.  * chan_console
 accessed pvts after deallocation.  * cdr_mysql stored a pointer that was
 freed by realloc()  * The module loader did not check usecount on shutdown,
 which led to chan_iax2  reading a timer that was already unloaded.  * The
 event subsystem sometimes creates an event with no IEs.  Due to a corner 
 condition, the code would read beyond the memory boundary.  * res_pktccops
 did not correctly check whether its monitor thread was started. (closes issue
 #16062)  Reported by: alexanderheinz  Patches:       
 20091109__issue16062.diff.txt uploaded by tilghman (license 14)  Tested by:
 tilghman

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@228798 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 addons/cdr_mysql.c      |  8 +++----
 channels/chan_console.c |  1 +
 main/event.c            |  4 +++-
 main/loader.c           | 47 ++++++++++++++++++++++++++---------------
 res/res_pktccops.c      |  2 +-
 5 files changed, 39 insertions(+), 23 deletions(-)

diff --git a/addons/cdr_mysql.c b/addons/cdr_mysql.c
index a6d37b31db..a7894acdc6 100644
--- a/addons/cdr_mysql.c
+++ b/addons/cdr_mysql.c
@@ -364,16 +364,16 @@ static int my_load_config_string(struct ast_config *cfg, const char *category, c
 		return -1;
 	}
 
+	tmp = ast_variable_retrieve(cfg, category, variable);
+
+	ast_str_set(field, 0, "%s", tmp ? tmp : def);
+
 	us->str = *field;
 
 	AST_LIST_LOCK(&unload_strings);
 	AST_LIST_INSERT_HEAD(&unload_strings, us, entry);
 	AST_LIST_UNLOCK(&unload_strings);
 
-	tmp = ast_variable_retrieve(cfg, category, variable);
-
-	ast_str_set(field, 0, "%s", tmp ? tmp : def);
-
 	return 0;
 }
 
diff --git a/channels/chan_console.c b/channels/chan_console.c
index 9141c3d1dd..df23c3dd12 100644
--- a/channels/chan_console.c
+++ b/channels/chan_console.c
@@ -1500,6 +1500,7 @@ return_error_pa_init:
 return_error:
 	if (pvts)
 		ao2_ref(pvts, -1);
+	pvts = NULL;
 	pvt_destructor(&globals);
 
 	return AST_MODULE_LOAD_DECLINE;
diff --git a/main/event.c b/main/event.c
index 070048b4b2..cc2efe9619 100644
--- a/main/event.c
+++ b/main/event.c
@@ -1067,6 +1067,7 @@ struct ast_event *ast_event_new(enum ast_event_type type, ...)
 	struct ast_event *event;
 	enum ast_event_ie_type ie_type;
 	struct ast_event_ie_val *ie_val;
+	int has_ie = 0;
 	AST_LIST_HEAD_NOLOCK_STATIC(ie_vals, ast_event_ie_val);
 
 	/* Invalid type */
@@ -1114,6 +1115,7 @@ struct ast_event *ast_event_new(enum ast_event_type type, ...)
 
 		if (insert) {
 			AST_LIST_INSERT_TAIL(&ie_vals, ie_value, entry);
+			has_ie = 1;
 		}
 	}
 	va_end(ap);
@@ -1154,7 +1156,7 @@ struct ast_event *ast_event_new(enum ast_event_type type, ...)
 		}
 	}
 
-	if (!ast_event_get_ie_raw(event, AST_EVENT_IE_EID)) {
+	if (has_ie && !ast_event_get_ie_raw(event, AST_EVENT_IE_EID)) {
 		/* If the event is originating on this server, add the server's
 		 * entity ID to the event. */
 		ast_event_append_ie_raw(&event, AST_EVENT_IE_EID, &ast_eid_default, sizeof(ast_eid_default));
diff --git a/main/loader.c b/main/loader.c
index f652d0da0d..4ab3134563 100644
--- a/main/loader.c
+++ b/main/loader.c
@@ -443,26 +443,39 @@ static struct ast_module *load_dynamic_module(const char *resource_in, unsigned
 void ast_module_shutdown(void)
 {
 	struct ast_module *mod;
-	AST_LIST_HEAD_NOLOCK_STATIC(local_module_list, ast_module);
-
-	/* We have to call the unload() callbacks in reverse order that the modules
-	 * exist in the module list so it is the reverse order of how they were
-	 * loaded. */
+	int somethingchanged = 1, final = 0;
 
 	AST_LIST_LOCK(&module_list);
-	while ((mod = AST_LIST_REMOVE_HEAD(&module_list, entry)))
-		AST_LIST_INSERT_HEAD(&local_module_list, mod, entry);
-	AST_LIST_UNLOCK(&module_list);
 
-	while ((mod = AST_LIST_REMOVE_HEAD(&local_module_list, entry))) {
-		if (mod->info->unload)
-			mod->info->unload();
-		/* Since this should only be called when shutting down "gracefully",
-		 * all channels should be down before we get to this point, meaning
-		 * there will be no module users left. */
-		AST_LIST_HEAD_DESTROY(&mod->users);
-		free(mod);
-	}
+	/*!\note Some resources, like timers, are started up dynamically, and thus
+	 * may be still in use, even if all channels are dead.  We must therefore
+	 * check the usecount before asking modules to unload. */
+	do {
+		if (!somethingchanged) {
+			/*!\note If we go through the entire list without changing
+			 * anything, ignore the usecounts and unload, then exit. */
+			final = 1;
+		}
+
+		/* Reset flag before traversing the list */
+		somethingchanged = 0;
+
+		AST_LIST_TRAVERSE_SAFE_BEGIN(&module_list, mod, entry) {
+			if (!final && mod->usecount) {
+				continue;
+			}
+			AST_LIST_REMOVE_CURRENT(entry);
+			if (mod->info->unload) {
+				mod->info->unload();
+			}
+			AST_LIST_HEAD_DESTROY(&mod->users);
+			free(mod);
+			somethingchanged = 1;
+		}
+		AST_LIST_TRAVERSE_SAFE_END;
+	} while (somethingchanged && !final);
+
+	AST_LIST_UNLOCK(&module_list);
 }
 
 int ast_unload_resource(const char *resource_name, enum ast_module_unload_mode force)
diff --git a/res/res_pktccops.c b/res/res_pktccops.c
index c3f7aa6bee..60e5c4efd9 100644
--- a/res/res_pktccops.c
+++ b/res/res_pktccops.c
@@ -1446,7 +1446,7 @@ static int load_module(void)
 static int unload_module(void)
 {
 	if (!ast_mutex_lock(&pktccops_lock)) {
-		if (pktccops_thread && (pktccops_thread != AST_PTHREADT_STOP)) {
+		if ((pktccops_thread != AST_PTHREADT_NULL) && (pktccops_thread != AST_PTHREADT_STOP)) {
 			pthread_cancel(pktccops_thread);
 			pthread_kill(pktccops_thread, SIGURG);
 			pthread_join(pktccops_thread, NULL);
-- 
GitLab