From fdc86bb44cb59604f932f20f6e7a45b5deb0eabe Mon Sep 17 00:00:00 2001
From: Richard Mudgett <rmudgett@digium.com>
Date: Tue, 27 Aug 2013 16:40:46 +0000
Subject: [PATCH] Fix uninitialized value in struct ast_control_pvt_cause_code
 usage.

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@397744 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 channels/chan_dahdi.c | 1 +
 channels/chan_iax2.c  | 1 +
 channels/chan_motif.c | 8 ++++----
 channels/chan_sip.c   | 1 +
 channels/sig_analog.c | 1 +
 channels/sig_pri.c    | 1 +
 channels/sig_ss7.c    | 1 +
 7 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c
index 140d4cb4b1..9159118410 100644
--- a/channels/chan_dahdi.c
+++ b/channels/chan_dahdi.c
@@ -4246,6 +4246,7 @@ static void dahdi_r2_on_call_disconnect(openr2_chan_t *r2chan, openr2_call_disco
 	snprintf(cause_str, sizeof(cause_str), "R2 DISCONNECT (%s)", openr2_proto_get_disconnect_string(cause));
 	datalen += strlen(cause_str);
 	cause_code = ast_alloca(datalen);
+	memset(cause_code, 0, datalen);
 	cause_code->ast_cause = dahdi_r2_cause_to_ast_cause(cause);
 	ast_copy_string(cause_code->chan_name, ast_channel_name(p->owner), AST_CHANNEL_NAME);
 	ast_copy_string(cause_code->code, cause_str, datalen + 1 - sizeof(*cause_code));
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 77b1471bc5..21bd1fc2e7 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -10243,6 +10243,7 @@ static int socket_process_helper(struct iax2_thread *thread)
 		data_size += strlen(subclass);
 
 		cause_code = ast_alloca(data_size);
+		memset(cause_code, 0, data_size);
 		ast_copy_string(cause_code->chan_name, ast_channel_name(iaxs[fr->callno]->owner), AST_CHANNEL_NAME);
 
 		cause_code->ast_cause = ies.causecode;
diff --git a/channels/chan_motif.c b/channels/chan_motif.c
index 86b31e0fb7..751e33a23d 100644
--- a/channels/chan_motif.c
+++ b/channels/chan_motif.c
@@ -2373,7 +2373,8 @@ static void jingle_action_session_terminate(struct jingle_endpoint *endpoint, st
 
 		/* Size of the string making up the cause code is "Motif " + text */
 		data_size += 6 + strlen(iks_name(text));
-		cause_code = ast_malloc(data_size);
+		cause_code = ast_alloca(data_size);
+		memset(cause_code, 0, data_size);
 
 		/* Get the appropriate cause code mapping for this reason */
 		for (i = 0; i < ARRAY_LEN(jingle_reason_mappings); i++) {
@@ -2387,7 +2388,8 @@ static void jingle_action_session_terminate(struct jingle_endpoint *endpoint, st
 		snprintf(cause_code->code, data_size - sizeof(*cause_code) + 1, "Motif %s", iks_name(text));
 	} else {
 		/* No technology specific information is available */
-		cause_code = ast_malloc(data_size);
+		cause_code = ast_alloca(data_size);
+		memset(cause_code, 0, data_size);
 	}
 
 	ast_copy_string(cause_code->chan_name, ast_channel_name(chan), AST_CHANNEL_NAME);
@@ -2395,8 +2397,6 @@ static void jingle_action_session_terminate(struct jingle_endpoint *endpoint, st
 	ast_queue_control_data(chan, AST_CONTROL_PVT_CAUSE_CODE, cause_code, data_size);
 	ast_channel_hangupcause_hash_set(chan, cause_code, data_size);
 
-	ast_free(cause_code);
-
 	ast_debug(3, "Hanging up channel '%s' due to session terminate message with cause '%d'\n", ast_channel_name(chan), cause);
 	ast_queue_hangup_with_cause(chan, cause);
 	session->gone = 1;
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 196322dcb9..ae9c0a46d2 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -28069,6 +28069,7 @@ static int handle_incoming(struct sip_pvt *p, struct sip_request *req, struct as
 				/* size of the string making up the cause code is "SIP " + cause length */
 				data_size += 4 + strlen(REQ_OFFSET_TO_STR(req, rlpart2));
 				cause_code = ast_alloca(data_size);
+				memset(cause_code, 0, data_size);
 
 				ast_copy_string(cause_code->chan_name, ast_channel_name(p->owner), AST_CHANNEL_NAME);
 
diff --git a/channels/sig_analog.c b/channels/sig_analog.c
index e710c2b24a..85fda9d61a 100644
--- a/channels/sig_analog.c
+++ b/channels/sig_analog.c
@@ -2734,6 +2734,7 @@ static struct ast_frame *__analog_handle_event(struct analog_pvt *p, struct ast_
 		subclass = analog_event2str(res);
 		data_size += strlen(subclass);
 		cause_code = ast_alloca(data_size);
+		memset(cause_code, 0, data_size);
 		cause_code->ast_cause = AST_CAUSE_NORMAL_CLEARING;
 		ast_copy_string(cause_code->chan_name, ast_channel_name(ast), AST_CHANNEL_NAME);
 		snprintf(cause_code->code, data_size - sizeof(*cause_code) + 1, "ANALOG %s", subclass);
diff --git a/channels/sig_pri.c b/channels/sig_pri.c
index e5fe18de63..01ceffce9a 100644
--- a/channels/sig_pri.c
+++ b/channels/sig_pri.c
@@ -1296,6 +1296,7 @@ static void pri_queue_pvt_cause_data(struct sig_pri_span *pri, int chanpos, cons
 	if (chan) {
 		int datalen = sizeof(*cause_code) + strlen(cause);
 		cause_code = ast_alloca(datalen);
+		memset(cause_code, 0, datalen);
 		cause_code->ast_cause = ast_cause;
 		ast_copy_string(cause_code->chan_name, ast_channel_name(chan), AST_CHANNEL_NAME);
 		ast_copy_string(cause_code->code, cause, datalen + 1 - sizeof(*cause_code));
diff --git a/channels/sig_ss7.c b/channels/sig_ss7.c
index d5a92c332c..baf152d4e9 100644
--- a/channels/sig_ss7.c
+++ b/channels/sig_ss7.c
@@ -411,6 +411,7 @@ static void ss7_queue_pvt_cause_data(struct ast_channel *owner, const char *caus
 	int datalen = sizeof(*cause_code) + strlen(cause);
 
 	cause_code = ast_alloca(datalen);
+	memset(cause_code, 0, datalen);
 	cause_code->ast_cause = ast_cause;
 	ast_copy_string(cause_code->chan_name, ast_channel_name(owner), AST_CHANNEL_NAME);
 	ast_copy_string(cause_code->code, cause, datalen + 1 - sizeof(*cause_code));
-- 
GitLab