[sr-dev] git:kamailio_3.0: core: switch(string) memleak fix

Andrei Pelinescu-Onciul andrei at iptel.org
Mon Oct 11 11:43:56 CEST 2010 

Module: sip-router
Branch: kamailio_3.0
Commit: 335743621f54220e58c2f3da2712dcae837b31a0
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=335743621f54220e58c2f3da2712dcae837b31a0

Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
Committer: Andrei Pelinescu-Onciul <andrei at iptel.org>
Date:   Sun Sep 26 21:28:47 2010 +0200

core: switch(string) memleak fix

When a switch(string) is used and one of the case blocks exits the
script (by drop, exit or a module function that causes the script
to end), the dynamic string rvals were not cleaned up.
This happened because run_actions() uses longjmp() to quickly end
the script (skipping this way over the cleanups done after the
run_actions() call).

Reported-by: Daniel-Constantin Mierla <miconda at gmail.com>
Reported-by: César Pinto Magán  Cesar.Pinto a-e es
(cherry picked from commit 6ab93de37f2f1991d3406f52ac9502a7c795ef55)

---

 action.c |   22 ++++++++++++++++++++++
 1 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/action.c b/action.c
index 4edf023..315cffb 100644
--- a/action.c
+++ b/action.c
@@ -1089,17 +1089,39 @@ sw_jt_def:
 					  regexec(mct->match[i].l.regex, s.s, 0, 0, 0) == 0)
 					){
 					if (likely(mct->jump[i])){
+						/* make sure we cleanup first, in case run_actions()
+						   exits the script directly via longjmp() */
+						if (rv1){
+							rval_destroy(rv1);
+							rval_destroy(rv);
+							rval_cache_clean(&c1);
+						}else if (rv){
+							rval_destroy(rv);
+							rval_cache_clean(&c1);
+						}
 						ret=run_actions(h, mct->jump[i], msg);
 						h->run_flags &= ~BREAK_R_F; /* catch breaks, but let
 													   returns passthrough */
+						break;
 					}
 					goto match_cleanup;
 				}
 match_cond_def:
 			if (mct->def){
+				/* make sure we cleanup first, in case run_actions()
+				   exits the script directly via longjmp() */
+				if (rv1){
+					rval_destroy(rv1);
+					rval_destroy(rv);
+					rval_cache_clean(&c1);
+				}else if (rv){
+					rval_destroy(rv);
+					rval_cache_clean(&c1);
+				}
 				ret=run_actions(h, mct->def, msg);
 				h->run_flags &= ~BREAK_R_F; /* catch breaks, but let
 											   returns passthrough */
+				break;
 			}
 match_cleanup:
 			if (rv1){

More information about the sr-dev mailing list