From cad50d6dbf2d666ec49fda4caa9b659d367a0dec Mon Sep 17 00:00:00 2001
From: Richard Mudgett <rmudgett@digium.com>
Date: Thu, 21 Jun 2018 16:39:45 -0500
Subject: [PATCH] VECTOR: Passing parameters with side effects to macros is
dangerous.
* Fix several instances where we were bumping a ref in the parameter and
then unrefing the object if it failed. The way the AST_VECTOR_APPEND()
and AST_VECTOR_REPLACE() macros are implemented means if it fails the new
value was never evaluated.
Change-Id: I2847872a455b11ea7e5b7ce697c0a455a1d0ac9a
---
bridges/bridge_softmix.c | 4 +++-
res/res_pjsip/pjsip_options.c | 5 +++--
res/res_pjsip_history.c | 3 ++-
res/res_pjsip_session.c | 5 ++++-
res/stasis/messaging.c | 5 +++--
5 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/bridges/bridge_softmix.c b/bridges/bridge_softmix.c
index 46b27f1042..249985a53b 100644
--- a/bridges/bridge_softmix.c
+++ b/bridges/bridge_softmix.c
@@ -2085,7 +2085,9 @@ static void remb_enable_collection(struct ast_bridge *bridge, struct ast_bridge_
}
}
- if (AST_VECTOR_REPLACE(&softmix_data->remb_collectors, bridge_stream_position, ao2_bump(sc->remb_collector))) {
+ ao2_ref(sc->remb_collector, +1);
+ if (AST_VECTOR_REPLACE(&softmix_data->remb_collectors, bridge_stream_position,
+ sc->remb_collector)) {
ao2_ref(sc->remb_collector, -1);
}
}
diff --git a/res/res_pjsip/pjsip_options.c b/res/res_pjsip/pjsip_options.c
index 579f70e02d..5eaf9e8fd4 100644
--- a/res/res_pjsip/pjsip_options.c
+++ b/res/res_pjsip/pjsip_options.c
@@ -1530,10 +1530,11 @@ static int sip_options_endpoint_compositor_add_task(void *obj)
ast_debug(3, "Adding endpoint compositor '%s' to AOR '%s'\n",
task_data->endpoint_state_compositor->name, task_data->aor_options->name);
+ ao2_ref(task_data->endpoint_state_compositor, +1);
if (AST_VECTOR_APPEND(&task_data->aor_options->compositors,
- ao2_bump(task_data->endpoint_state_compositor))) {
+ task_data->endpoint_state_compositor)) {
/* Failed to add so no need to update the endpoint status. Nothing changed. */
- ao2_cleanup(task_data->endpoint_state_compositor);
+ ao2_ref(task_data->endpoint_state_compositor, -1);
return 0;
}
diff --git a/res/res_pjsip_history.c b/res/res_pjsip_history.c
index eed06eed82..10bcd96187 100644
--- a/res/res_pjsip_history.c
+++ b/res/res_pjsip_history.c
@@ -1133,7 +1133,8 @@ static struct vector_history_t *filter_history(struct ast_cli_args *a)
} else if (!res) {
continue;
} else {
- if (AST_VECTOR_APPEND(output, ao2_bump(entry))) {
+ ao2_bump(entry);
+ if (AST_VECTOR_APPEND(output, entry)) {
ao2_cleanup(entry);
}
}
diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c
index 49ab875682..8b1012e5e0 100644
--- a/res/res_pjsip_session.c
+++ b/res/res_pjsip_session.c
@@ -250,7 +250,10 @@ struct ast_sip_session_media_state *ast_sip_session_media_state_clone(const stru
struct ast_sip_session_media *session_media = AST_VECTOR_GET(&media_state->sessions, index);
enum ast_media_type type = ast_stream_get_type(ast_stream_topology_get_stream(cloned->topology, index));
- AST_VECTOR_REPLACE(&cloned->sessions, index, ao2_bump(session_media));
+ ao2_bump(session_media);
+ if (AST_VECTOR_REPLACE(&cloned->sessions, index, session_media)) {
+ ao2_cleanup(session_media);
+ }
if (ast_stream_get_state(ast_stream_topology_get_stream(cloned->topology, index)) != AST_STREAM_STATE_REMOVED &&
!cloned->default_session[type]) {
cloned->default_session[type] = session_media;
diff --git a/res/stasis/messaging.c b/res/stasis/messaging.c
index 77a58745a1..a7716b8043 100644
--- a/res/stasis/messaging.c
+++ b/res/stasis/messaging.c
@@ -457,8 +457,9 @@ static struct message_subscription *get_or_create_subscription(struct ast_endpoi
ao2_link(endpoint_subscriptions, sub);
} else {
ast_rwlock_wrlock(&tech_subscriptions_lock);
- if (AST_VECTOR_APPEND(&tech_subscriptions, ao2_bump(sub))) {
- /* Release the ao2_bump that was for the vector and allocation references. */
+ ao2_ref(sub, +1);
+ if (AST_VECTOR_APPEND(&tech_subscriptions, sub)) {
+ /* Release the refs that were for the vector and the allocation. */
ao2_ref(sub, -2);
sub = NULL;
}
--
GitLab