From 8084274becd2d795a3dd759a7cb94fb2ae525dbb Mon Sep 17 00:00:00 2001 From: markm Date: Mon, 18 Jul 2011 20:51:47 +0000 Subject: [PATCH] Merged revisions 328664 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.10 ................ r328664 | markm | 2011-07-18 16:50:13 -0400 (Mon, 18 Jul 2011) | 15 lines Merged revisions 328663 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.8 ........ r328663 | markm | 2011-07-18 16:47:04 -0400 (Mon, 18 Jul 2011) | 9 lines app_dial may double free a channel datastore When starting a call with originate, and having the callee channel run Bridge() on pickup, we will double free the dialed_interface_info datastore, causing a crash. Make sure to check if the datastore still exists before trying to free it. (closes issue ASTERISK-17917) Reported by: Mark Murawski Tested by: Mark Murawski ........ ................ git-svn-id: http://svn.digium.com/svn/asterisk/trunk@328665 f38db490-d61c-443f-a65b-d21fe96a405b --- apps/app_dial.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/app_dial.c b/apps/app_dial.c index f144d48ea..65f5666f2 100644 --- a/apps/app_dial.c +++ b/apps/app_dial.c @@ -2409,7 +2409,8 @@ static int dial_exec_full(struct ast_channel *chan, const char *data, struct ast * datastore again, causing a crash */ ast_channel_lock(chan); - if (!ast_channel_datastore_remove(chan, datastore)) { + datastore = ast_channel_datastore_find(chan, &dialed_interface_info, NULL); /* make sure we weren't cleaned up already */ + if (datastore && !ast_channel_datastore_remove(chan, datastore)) { ast_datastore_free(datastore); } ast_channel_unlock(chan);