| Summary: | ASTERISK-22788: [patch] main/translate.c: access to variable f after free in ast_translate() | ||
| Reporter: | Corey Farrell (coreyfarrell) | Labels: | |
| Date Opened: | 2013-10-29 00:41:35 | Date Closed: | 2013-11-22 11:12:51.000-0600 |
| Priority: | Minor | Regression? | |
| Status: | Closed/Complete | Components: | Core/General |
| Versions: | SVN 1.8.24.0 11.6.0 12.0.0-beta1 | Frequency of Occurrence | Constant |
| Related Issues: | |||
| Environment: | Attachments: | ( 0) translate-access-after-free-1.8.patch ( 1) translate-access-after-free-11up.patch ( 2) valgrind-access-error.txt | |
| Description: | If consume != 0 then "f" is free'd. It is later accessed if out != NULL and !ast_tvzero(delivery).
This can be reproduced by sending a single call into ConfBridge in asterisk 11. | ||
| Comments: | By: Corey Farrell (coreyfarrell) 2013-10-30 15:01:03.403-0500 I forgot to mention this test was done with frame cache disabled. With frame cache enabled valgrind would not have reported the error. | ||