https://origsvn.digium.com/svn/asterisk/branches/1.8

........
r327950 | kpfleming | 2011-07-12 17:53:53 -0500 (Tue, 12 Jul 2011) | 14 lines

Correct double-free situation in manager output processing.

The process_output() function calls ast_str_append() and xml_translate() on its 'out' parameter, which is a pointer to an ast_str buffer. If either of these functions needs to reallocate the ast_str so it will have more space, they will free the existing buffer and allocate a new one, returning the address of the new one. However, because process_output only receives a pointer to the ast_str, not a pointer to its caller's variable holding the pointer, if the original ast_str is freed, the caller will not know, and will continue to use it (and later attempt to free it).

(reported by jkroon on #asterisk-dev)
........

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@327953 65c4cc65-6c06-0410-ace0-fbb531ad65f3

remotes/origin/10-digiumphones
parent ae3d614ab8
commit d37ac6a8a0
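
The pointer-by-value pattern described in the commit message, as an added example that is not part of the commit and is not Asterisk code. The dynbuf type, its helpers, both call shapes and the sample line are hypothetical stand-ins built for this illustration; the flawed shape returns the live buffer only so the stale address can be detected without dereferencing freed memory.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define MSG "Response: Success\r\n"   /* constructed sample line, 19 bytes */

struct dynbuf { size_t len, used; char data[]; };   /* hypothetical, not ast_str */
static struct dynbuf *dynbuf_create(size_t len) {      /* len >= 1 */
    struct dynbuf *b = calloc(1, sizeof(*b) + len);    /* zeroed: used = 0, data = "" */
    if (b) b->len = len;
    return b;
}

/* Append s. Growth frees the old buffer and stores the new address in *bufp. */
static int dynbuf_append(struct dynbuf **bufp, const char *s) {
    struct dynbuf *b = *bufp;
    size_t n = strlen(s), need = b->used + n + 1;
    if (need > b->len) {
        struct dynbuf *nb = dynbuf_create(2 * need);
        if (!nb) return -1;
        memcpy(nb->data, b->data, b->used + 1);
        nb->used = b->used;
        free(b);              /* every other copy of the old address is now stale */
        *bufp = b = nb;
    }
    memcpy(b->data + b->used, s, n + 1);
    b->used += n;
    return 0;
}

/* Flawed shape: 'out' is a copy, so growth updates only that copy. */
static struct dynbuf *process_by_value(struct dynbuf *out, const char *s) {
    dynbuf_append(&out, s);
    return out;               /* returned only so the demo can compare addresses */
}

int stale_after_by_value(void) {    /* 1 = caller's address is no longer the live buffer */
    struct dynbuf *out = dynbuf_create(8);
    uintptr_t held = (uintptr_t)out;
    struct dynbuf *live = out ? process_by_value(out, MSG) : NULL;
    int stale = live && (uintptr_t)live != held;   /* using or freeing 'out' now is the bug */
    free(live);
    return stale;
}

int intact_after_by_ref(void) {     /* corrected shape: pass the address of 'out' */
    struct dynbuf *out = dynbuf_create(8);
    int ok = out && !dynbuf_append(&out, MSG) && out->used == 19 && !strcmp(out->data, MSG);
    free(out);
    return ok;
}
```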