| Summary: | ASTERISK-16493: [patch] If EWS request fails, asterisk crashes because of double free | ||
| Reporter: | Bc. Jan Kaláb (pitel) | Labels: | |
| Date Opened: | 2010-08-03 05:18:53 | Date Closed: | 2010-09-17 03:46:47 |
| Priority: | Critical | Regression? | No |
| Status: | Closed/Complete | Components: | Resources/res_calendar |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) backtrace.txt ( 1) doublefree.patch | |
| Description: | Summary says it all | ||
| Comments: | By: Bc. Jan Kaláb (pitel) 2010-08-03 05:22:50 Patch removes call to ast_free() in function send_ews_request_and_parse() when request fails. The ast_free() function is always called after send_ews_request_and_parse() (lines 547, 607 and 646) so it should not produce any memory leaks. P.S. I thought ast_free() is checking if it can free the momory, but appereantly it doesn't. By: Paul Belanger (pabelanger) 2010-08-03 08:34:32 A backtrace of the crash would also be helpful to triage the issue forward. --- Thank you for your bug report. In order to move your issue forward, we require a backtrace from the core file produced after the crash. Please see the doc/backtrace.txt file in your Asterisk source directory. Also, be sure you have DONT_OPTIMIZE enabled in menuselect within the Compiler Flags section, then: make install after enabling, reproduce the crash, and then execute the instructions in doc/backtrace.txt. When complete, attach that file to this issue report. Thanks! By: Leif Madsen (lmadsen) 2010-08-05 15:24:11 Thanks for testing and for the patch! By: Terry Wilson (twilson) 2010-08-27 08:48:11 looks good By: Digium Subversion (svnbot) 2010-09-17 03:42:37 Repository: asterisk Revision: 287270 U branches/1.8/res/res_calendar_ews.c ------------------------------------------------------------------------ r287270 | pitel | 2010-09-17 03:42:37 -0500 (Fri, 17 Sep 2010) | 6 lines Asterisk crashing because of double free when EWS request fails The free is done later in code. I think ast_free() should have built in checks for double free. (closes issue ASTERISK-16493) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=287270 By: Digium Subversion (svnbot) 2010-09-17 03:46:46 Repository: asterisk Revision: 287272 _U trunk/ U trunk/res/res_calendar_caldav.c U trunk/res/res_calendar_ews.c U trunk/res/res_calendar_exchange.c U trunk/res/res_calendar_icalendar.c ------------------------------------------------------------------------ r287272 | pitel | 2010-09-17 03:46:45 -0500 (Fri, 17 Sep 2010) | 31 lines Merged revisions 287269-287271 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.8 ........ r287269 | pitel | 2010-09-17 10:37:49 +0200 (P?\195?\161, 17 z?\195?\161?\197?\153 2010) | 8 lines Support for HTTP redirects in calendar's URL libneon does not support HTTP redirects (3xx responses) by default. You must tell it to follow them. Also, another little unsigned int fix. (closes issue ASTERISK-16487) Review: https://reviewboard.asterisk.org/r/921/ ........ r287270 | pitel | 2010-09-17 10:42:37 +0200 (P?\195?\161, 17 z?\195?\161?\197?\153 2010) | 6 lines Asterisk crashing because of double free when EWS request fails The free is done later in code. I think ast_free() should have built in checks for double free. (closes issue ASTERISK-16493) ........ r287271 | pitel | 2010-09-17 10:44:28 +0200 (P?\195?\161, 17 z?\195?\161?\197?\153 2010) | 6 lines Events are visible after they were removed from EWS calendar Because we must merge calendar even when it's empty. (closes issue ASTERISK-16496) ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=287272 | ||