Summary: ASTERISK-06243: [patch] dereference after free in file.c::ast_closestream()
Reporter: Luigi Rizzo (rizzo)
Labels:
Date Opened: 2006-02-02 14:24:05.000-0600
Date Closed: 2008-01-15 16:47:52.000-0600
Priority: Minor
Regression?: No
Status: Closed/Complete
Components: Core/General
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:
Description:

Near the end of file.c::ast_closestream(), the code calls the
close() handler of the format, which frees the stream descriptor
pointed to by f.

The following dereference of f->vfs thus accesses memory
that has been freed, with unpredictable and possibly bad results.
The trivial fix is to move the call to close() to the end of
ast_closestream().
On a related topic I would suggest having a look at
http://bugs.digium.com/view.php?id=6375
that addresses various issues with the file management code.
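
The ordering problem described in the report, as an added example that is not part of the original report and is not Asterisk's code: a simplified model in which the format's close handler frees the descriptor, shown with the unsafe ordering beside the corrected one. All names (`struct stream`, `release_vfs`, `closestream_buggy`, `closestream_fixed`, `run_fixed`) are hypothetical, and treating `vfs` as a resource released by the generic code is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model with hypothetical names; not Asterisk's real structures. */
struct stream;
struct format { void (*close)(struct stream *s); };  /* handler frees s */
struct stream {
    const struct format *fmt;
    void *vfs;             /* assumed: extra resource the generic code releases */
};

static int vfs_released;   /* counts releases so callers can check the result */

static void release_vfs(void *vfs) { if (vfs) { free(vfs); vfs_released++; } }

/* Format close handler: frees the descriptor, as the report describes. */
static void fmt_close(struct stream *s) { free(s); }
static const struct format demo_fmt = { fmt_close };

/* BEFORE (never called here): s->vfs is read after the handler freed s. */
void closestream_buggy(struct stream *s)
{
    s->fmt->close(s);
    release_vfs(s->vfs);   /* use after free: s is dangling */
}

/* AFTER: finish every access to *s, then call the handler last. */
void closestream_fixed(struct stream *s)
{
    release_vfs(s->vfs);
    s->fmt->close(s);      /* nothing dereferences s past this line */
}

/* Open a constructed stream, close it safely, return the release count. */
int run_fixed(void)
{
    struct stream *s = calloc(1, sizeof(*s));
    if (!s) return -1;
    s->fmt = &demo_fmt;
    s->vfs = malloc(16);
    if (!s->vfs) { free(s); return -1; }
    vfs_released = 0;
    closestream_fixed(s);
    return vfs_released;
}

int main(void) { printf("vfs released %d time(s)\n", run_fixed()); return 0; }
```

Building with `-fsanitize=address` (GCC or Clang) and calling `closestream_buggy()` instead makes the sanitizer report a heap-use-after-free at the `s->vfs` read.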
Comments:

By: Kevin P. Fleming (kpfleming) 2006-02-14 18:31:25.000-0600

Fixed in trunk, thanks!

By: Digium Subversion (svnbot) 2008-01-15 16:47:52.000-0600

Repository: asterisk
Revision: 10139

U   trunk/file.c

------------------------------------------------------------------------
r10139 | kpfleming | 2008-01-15 16:47:51 -0600 (Tue, 15 Jan 2008) | 2 lines

don't dereference memory that has been freed (issue ASTERISK-6243)

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=10139