[Freeswitch-dev] Switch_core_get_variable
Kevin Snow
kevin.snow at ooma.com
Wed Feb 2 22:39:07 MSK 2011
I found a hole in the way we handle core variables in FS.
Switch_core_get_variable does the lookup and returns the found pointer. In
Switch_core_set_variable the first step it does is look up the variable and
free it (if it exists). This would free it out from under another that has
just done a get on it. This is how I stumbled on this.
Is the right fix is to add a switch_core_get_variable_dup that dups the
string while in the mutex protection? I realize in the core case this will
require the caller to then free the returned memory, but this is better than
getting a bad pointer. This is analogous to the switch_channel_get_variable
and it¹s _dup implementation, although it dups it to session memory.
Switch_channel_get_variable¹s ability to peak through to the core variables
is susceptible to this. If a core variable is changed after
switch_channel_get_variable looks it up but before it dups to the session
pool, it¹ll have a bad pointer.
Kevin Snow
Ooma, Inc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-dev/attachments/20110202/65dd5123/attachment.html
More information about the FreeSWITCH-dev
mailing list