Module: kamailio Branch: master Commit: a620bfec37cdcdc5c5debcdfb5219b09464065fe URL: https://github.com/kamailio/kamailio/commit/a620bfec37cdcdc5c5debcdfb5219b09...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2015-08-27T15:38:03+02:00
mem: safety prev free checks for f_malloc extract operation
- following a report by Alex Balashov
---
Modified: mem/f_malloc.c
---
Diff: https://github.com/kamailio/kamailio/commit/a620bfec37cdcdc5c5debcdfb5219b09... Patch: https://github.com/kamailio/kamailio/commit/a620bfec37cdcdc5c5debcdfb5219b09...
---
diff --git a/mem/f_malloc.c b/mem/f_malloc.c index fa8cb49..a4def82 100644 --- a/mem/f_malloc.c +++ b/mem/f_malloc.c @@ -179,6 +179,29 @@ static inline void fm_extract_free(struct fm_block* qm, struct fm_frag* frag) pf = frag->prv_free; hash = GET_HASH(frag->size);
+ if(unlikely(pf==0)) { + /* try to discover previous fragment (safety review) */ + LM_WARN("missing prev info for fragment %p from %p [%d]\n", + frag, qm, hash); + if(likely(qm->free_hash[hash].first)) { + if(likely(qm->free_hash[hash].first==frag)) { + pf = &(qm->free_hash[hash].first); + } else { + for(pf=&(qm->free_hash[hash].first); (*pf); pf=&((*pf)->u.nxt_free)) { + if((*pf)->u.nxt_free==frag) { + break; + } + } + } + } + if(unlikely(pf==0)) { + LM_ALERT("attemting to extract inexistent fragment %p from %p [%d]\n", + frag, qm, hash); + return; + } + frag->prv_free = pf; + } + *pf=frag->u.nxt_free;
if(frag->u.nxt_free) frag->u.nxt_free->prv_free = pf;