Summary: ASTERISK-21693: Use of possibly uninitialized value in ast_channel_hangupcause_hash_set
Reporter: Mark Murawski (kobaz)
Labels:
Date Opened: 2013-04-25 13:47:38
Date Closed: 2013-09-03 12:08:53
Versions: 11.3.0
Frequency of
is related to ASTERISK-22378 [patch] fix various memory leaks
Environment:
Attachments: ( 0) chan_sip-21693.patch
Use of possibly uninitialized value in ast_channel_hangupcause_hash_set

--- channels/chan_sip.c (revision 386542)
+++ channels/chan_sip.c (working copy)
@@ -28011,6 +28011,9 @@
                               if (global_store_sip_cause) {
                                       cause_code->emulate_sip_cause = 1;
+                                else {
+                                       cause_code->emulate_sip_cause = 0;
+                                }

                               ast_queue_control_data(p->owner, AST_CONTROL_PVT_CAUSE_CODE, cause_code, data_size);
                               ast_channel_hangupcause_hash_set(p->owner, cause_code, data_size);
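
Review bot: The added `else {` follows the `cause_code->emulate_sip_cause = 1;` assignment with no `}` closing the `if (global_store_sip_cause) {` block in the lines shown, so the hunk as displayed would not compile; it needs to read `} else {`. The header declares 6 old and 9 new lines while only 5 unchanged lines are visible, which suggests that closing brace was dropped. A single unconditional assignment, `cause_code->emulate_sip_cause = global_store_sip_cause ? 1 : 0;`, would remove the branch altogether. The allocation of `cause_code` is not visible here; if that buffer is not zeroed, clearing it at the allocation site would cover every field rather than this one flag.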
Comments:

By: Rusty Newton (rnewton) 2013-04-26 10:57:52.494-0500

Mark - I know this is a tiny patch, but do you want to attach it via "More Actions -> Attach Files" so that it will be associated with your contributors license?  Legally we really require it.

By: Mark Murawski (kobaz) 2013-04-27 08:30:38.566-0500

Ah right.  Here you go.

By: Rusty Newton (rnewton) 2013-04-29 19:07:52.193-0500


By: John Hardin (jhardin) 2013-06-13 09:16:28.231-0500

This may be a broader issue, as there are several places where the data structure is allocated with ast_malloc or ast_alloca, but emulate_sip_cause is not initialized.

By: Corey Farrell (coreyfarrell) 2013-09-02 00:21:25.840-0500

Sorry I previously didn't see this ticket, I fixed this with other chan_sip cleanup in [ASTERISK-22378].  I'm not sure what you mean by several places that allocate this structure, I found only the one.

By: Mark Murawski (kobaz) 2013-09-02 10:46:27.253-0500


There's also an ao2_alloc for cause_code and an uninitialized emulate_sip_cause in this function:

int ast_channel_dialed_causes_add(const struct ast_channel *chan, const struct ast_control_pvt_cause_code *cause_code, int datalen)

I haven't gotten back to this ticket because I've focused on group variables so much.  I can upload the additional patch

By: Mark Murawski (kobaz) 2013-09-02 10:52:23.152-0500

Actually hmm.  Looking through the history of the branch there's a change in this function.  Previously the emulate_sip_cause was initialized to 0 and now that line has been taken out leading me to believe that it's uninitialized, but looking at the code for ao2_alloc, which uses calloc.  We're good here.

If you don't see any other instances we can close this ticket.
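
The pattern discussed in this ticket, as an added example that is not code from Asterisk or from any commenter: a flag written on only one branch keeps whatever the allocator left behind, unless the other branch is written too or the allocation is zeroed. `struct cause_code`, `alloc_stale()` and `flag_seen_by_consumer()` are hypothetical stand-ins, and the 0xFF fill is a constructed substitute for the stale bytes a non-zeroing allocation would hold.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the cause-code structure (not Asterisk's definition). */
struct cause_code {
    int ast_cause;
    unsigned int emulate_sip_cause:1;
    char code[1];                     /* variable-length text follows */
};

enum variant { BEFORE_FIX, AFTER_FIX, ZEROED_ALLOC };

/* Models a non-zeroing allocator: the caller inherits stale bytes.
 * The 0xFF fill is constructed so the stale state is deterministic. */
static struct cause_code *alloc_stale(size_t size)
{
    struct cause_code *cc = malloc(size);
    if (cc) memset(cc, 0xFF, size);
    return cc;
}

/* Returns the flag a downstream consumer would read, or -1 on allocation failure. */
static int flag_seen_by_consumer(enum variant v, int store_sip_cause)
{
    size_t size = sizeof(struct cause_code) + 16;
    struct cause_code *cc = (v == ZEROED_ALLOC) ? calloc(1, size) : alloc_stale(size);
    int flag;

    if (!cc) {
        return -1;
    }
    if (store_sip_cause) {
        cc->emulate_sip_cause = 1;
    } else if (v == AFTER_FIX) {
        cc->emulate_sip_cause = 0;    /* the branch the patch adds */
    }
    flag = cc->emulate_sip_cause;
    free(cc);
    return flag;
}

int main(void)
{
    printf("before fix, option off: %d\n", flag_seen_by_consumer(BEFORE_FIX, 0));
    printf("after fix,  option off: %d\n", flag_seen_by_consumer(AFTER_FIX, 0));
    printf("calloc,     option off: %d\n", flag_seen_by_consumer(ZEROED_ALLOC, 0));
    return 0;
}
```

With the option off, only the first variant reports the flag as set, which is the stale value leaking through to the consumer.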

By: Richard Mudgett (rmudgett) 2013-09-03 12:08:53.161-0500

Fix committed in revisions:
v11 -r397744
v12 -r397745
trunk -r397746