[sr-dev] git:kamailio_3.0: dialog(k): avoid double free

Module: sip-router Branch: kamailio_3.0 Commit: 9dca82405261dd925f845a98f2da26f7b1d12b54 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=9dca824… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Fri Nov 27 14:32:29 2009 +0100 dialog(k): avoid double free - rested current dialog pointer when distroying dialog to avoid double free done from post script callback - reported by Klaus Feichtinger --- modules_k/dialog/dlg_hash.c | 4 ++++ modules_k/dialog/dlg_profile.c | 10 ++++++++++ modules_k/dialog/dlg_profile.h | 4 ++++ 3 files changed, 18 insertions(+), 0 deletions(-) diff --git a/modules_k/dialog/dlg_hash.c b/modules_k/dialog/dlg_hash.c index 65e5876..e879a1a 100644 --- a/modules_k/dialog/dlg_hash.c +++ b/modules_k/dialog/dlg_hash.c @@ -153,6 +153,9 @@ inline void destroy_dlg(struct dlg_cell *dlg) run_dlg_callbacks( DLGCB_DESTROY , dlg, 0, DLG_DIR_NONE, 0); + if(dlg==get_current_dlg_pointer()) + reset_current_dlg_pointer(); + if (dlg->cbs.first) destroy_dlg_callbacks_list(dlg->cbs.first); @@ -172,6 +175,7 @@ inline void destroy_dlg(struct dlg_cell *dlg) shm_free(dlg->cseq[DLG_CALLEE_LEG].s); shm_free(dlg); + dlg = 0; } diff --git a/modules_k/dialog/dlg_profile.c b/modules_k/dialog/dlg_profile.c index 1ee09cf..8df5792 100644 --- a/modules_k/dialog/dlg_profile.c +++ b/modules_k/dialog/dlg_profile.c @@ -69,6 +69,16 @@ static struct dlg_profile_table* new_dlg_profile( str *name, unsigned int size, unsigned int has_value); +struct dlg_cell *get_current_dlg_pointer(void) +{ + return current_dlg_pointer; +} + +void reset_current_dlg_pointer(void) +{ + current_dlg_pointer = NULL; +} + /*! * \brief Add profile definitions to the global list * \see new_dlg_profile diff --git a/modules_k/dialog/dlg_profile.h b/modules_k/dialog/dlg_profile.h index 2e9158f..c865c5e 100644 --- a/modules_k/dialog/dlg_profile.h +++ b/modules_k/dialog/dlg_profile.h @@ -79,6 +79,10 @@ struct dlg_profile_table { }; +struct dlg_cell *get_current_dlg_pointer(void); + +void reset_current_dlg_pointer(void); + /*! * \brief Add profile definitions to the global list * \see new_dlg_profile