From a5efd98835746bbf610396cd3516efc19a0dc00f Mon Sep 17 00:00:00 2001 From: Richard Mudgett Date: Mon, 28 Feb 2011 23:39:30 +0000 Subject: [PATCH] Fix valgrind reported invalid read/write for display text feature. git-svn-id: https://origsvn.digium.com/svn/libpri/branches/1.4@2233 2fbb986a-6c06-0410-b554-c9c1f0a7f128 --- q931.c | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/q931.c b/q931.c index ae28182..c9fec72 100644 --- a/q931.c +++ b/q931.c @@ -7194,6 +7194,7 @@ int q931_receive(struct q921_link *link, q931_h *h, int len) case MAINTENANCE_PROTOCOL_DISCRIMINATOR_1: case MAINTENANCE_PROTOCOL_DISCRIMINATOR_2: res = post_handle_maintenance_message(ctrl, h->pd, mh, c); + q931_display_clear(c); break; default: allow_event = 1; @@ -7212,12 +7213,11 @@ int q931_receive(struct q921_link *link, q931_h *h, int len) res = 0; } } else { + q931_display_clear(c); res = 0; } break; } - q931_display_subcmd(ctrl, c); - q931_display_clear(c); return res; } @@ -7961,6 +7961,10 @@ static struct q931_call *q931_find_held_call(struct pri *ctrl, struct q931_call * \param c Q.931 call leg. * \param missingmand Number of missing mandatory ie's. * + * \note + * When this function returns c may be destroyed so you can no + * longer dereference it. + * * \retval 0 if no error or event. * \retval Q931_RES_HAVEEVENT if have an event. * \retval -1 on error. @@ -7975,6 +7979,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct switch(mh->msg) { case Q931_RESTART: + q931_display_subcmd(ctrl, c); if (missingmand) { q931_status(ctrl, c, PRI_CAUSE_MANDATORY_IE_MISSING); pri_destroycall(ctrl, c); 
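Review bot: In the maintenance branch of q931_receive the added `q931_display_clear(c);` runs after `post_handle_maintenance_message(ctrl, h->pd, mh, c)`, so c is still dereferenced after a handler has returned, which is the pattern this commit removes for post_handle_q931_message. Whether the maintenance handler can destroy c is not visible in this hunk; if it can, the clear should come first, i.e. `q931_display_clear(c);` on the line before `res = post_handle_maintenance_message(ctrl, h->pd, mh, c);`. If it cannot, a one-line comment saying so would settle the question for the next reader. The body of q931_receive extends beyond the hunk.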
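Review bot: With the tail pair `q931_display_subcmd(ctrl, c);` / `q931_display_clear(c);` removed from q931_receive, no `q931_display_clear` follows `q931_display_subcmd` on the paths shown in this patch. The body of q931_display_subcmd is not on this page; if it does not reset the call's display text itself, the call record would carry stale display data past the end of q931_receive, where a later message on the same call could pick it up. Worth confirming that q931_display_subcmd consumes the text, and recording the reason for the move here with a comment such as `/* Display text is consumed inside post_handle_q931_message() because c may be destroyed there. */`.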
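Review bot: Display handling in post_handle_q931_message now relies on a hand-placed `q931_display_subcmd(ctrl, c);` at the top of each case (this Q931_RESTART hunk and the case hunks that follow), so a case label that is missed silently skips it. Case labels that lie outside the hunks cannot be checked from this page. A comment at the head of the switch would make the rule explicit for anyone adding a message type: `/* Every case must call q931_display_subcmd() or q931_display_clear() before c can be destroyed. */`. The function starts and ends outside the hunk.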
@@ -7989,6 +7994,8 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct ctrl->ev.restart.channel = q931_encode_channel(c); return Q931_RES_HAVEEVENT; case Q931_REGISTER: + q931_display_subcmd(ctrl, c); + /* Must be new call */ if (!c->newcall) { q931_status(ctrl, c, PRI_CAUSE_WRONG_CALL_STATE); @@ -8018,6 +8025,8 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct q931_fill_ring_event(ctrl, c); return Q931_RES_HAVEEVENT; case Q931_SETUP: + q931_display_subcmd(ctrl, c); + if (missingmand) { q931_release_complete(ctrl, c, PRI_CAUSE_MANDATORY_IE_MISSING); break; @@ -8061,6 +8070,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct q931_fill_ring_event(ctrl, c); return Q931_RES_HAVEEVENT; case Q931_ALERTING: + q931_display_subcmd(ctrl, c); stop_t303(c); if (c->newcall) { q931_release_complete(ctrl,c,PRI_CAUSE_INVALID_CALL_REFERENCE); @@ -8096,6 +8106,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct return Q931_RES_HAVEEVENT; case Q931_CONNECT: + q931_display_subcmd(ctrl, c); stop_t303(c); if (c->newcall) { q931_release_complete(ctrl,c,PRI_CAUSE_INVALID_CALL_REFERENCE); @@ -8151,6 +8162,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct } break; case Q931_FACILITY: + q931_display_subcmd(ctrl, c); if (c->newcall) { q931_release_complete(ctrl,c,PRI_CAUSE_INVALID_CALL_REFERENCE); break; @@ -8167,7 +8179,6 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct default: break; } - q931_display_subcmd(ctrl, c); if (ctrl->subcmds.counter_subcmd) { q931_fill_facility_event(ctrl, c); return Q931_RES_HAVEEVENT; 
@@ -8183,6 +8194,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct
 ctrl->ev.proceeding.cause = c->cause;
 /* Fall through */
 case Q931_CALL_PROCEEDING:
+ q931_display_subcmd(ctrl, c);
 stop_t303(c);
 ctrl->ev.proceeding.subcmds = &ctrl->subcmds;
 if (c->newcall) {
@@ -8215,6 +8227,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct
 }
 return Q931_RES_HAVEEVENT;
 case Q931_CONNECT_ACKNOWLEDGE:
+ q931_display_subcmd(ctrl, c);
 if (c->newcall) {
 q931_release_complete(ctrl,c,PRI_CAUSE_INVALID_CALL_REFERENCE);
 break;
@@ -8241,6 +8254,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct
 }
 break;
 case Q931_STATUS:
+ q931_display_subcmd(ctrl, c);
 if (missingmand) {
 q931_status(ctrl, c, PRI_CAUSE_MANDATORY_IE_MISSING);
 pri_destroycall(ctrl, c);
@@ -8303,6 +8317,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct
 }
 break;
 case Q931_RELEASE_COMPLETE:
+ q931_display_subcmd(ctrl, c);
 c->hangupinitiated = 1;
 UPDATE_OURCALLSTATE(ctrl, c, Q931_CALL_STATE_NULL);
 c->peercallstate = Q931_CALL_STATE_NULL;
@@ -8340,6 +8355,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct
 pri_hangup(ctrl,c,c->cause);
 break;
 case Q931_RELEASE:
+ q931_display_subcmd(ctrl, c);
 c->hangupinitiated = 1;
 if (missingmand) {
 /* Force cause to be mandatory IE missing */
@@ -8381,6 +8397,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct
 }
 return Q931_RES_HAVEEVENT;
 case Q931_DISCONNECT:
+ q931_display_subcmd(ctrl, c);
 c->hangupinitiated = 1;
 if (missingmand) {
 /* Still let user call release */
@@ -8479,6 +8496,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct
 }
 break;
 case Q931_RESTART_ACKNOWLEDGE:
+ q931_display_subcmd(ctrl, c);
 UPDATE_OURCALLSTATE(ctrl, c, Q931_CALL_STATE_NULL);
 c->peercallstate = Q931_CALL_STATE_NULL;
 ctrl->ev.e = PRI_EVENT_RESTART_ACK;
@@ -8489,6 +8507,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct overlap dialing received digit + the "Complete" msg which is basically an EOF on further digits XXX */ + q931_display_subcmd(ctrl, c); if (c->newcall) { q931_release_complete(ctrl,c,PRI_CAUSE_INVALID_CALL_REFERENCE); break; @@ -8518,12 +8537,14 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct ctrl->ev.ring.complete = c->complete; /* this covers IE 33 (Sending Complete) */ return Q931_RES_HAVEEVENT; case Q931_STATUS_ENQUIRY: + q931_display_clear(c); if (c->newcall) { q931_release_complete(ctrl, c, PRI_CAUSE_INVALID_CALL_REFERENCE); } else q931_status(ctrl,c, PRI_CAUSE_RESPONSE_TO_STATUS_ENQUIRY); break; case Q931_SETUP_ACKNOWLEDGE: + q931_display_subcmd(ctrl, c); stop_t303(c); if (c->newcall) { q931_release_complete(ctrl,c,PRI_CAUSE_INVALID_CALL_REFERENCE); @@ -8638,8 +8659,10 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct res = Q931_RES_HAVEEVENT; break; } + q931_display_subcmd(ctrl, c); return res; case Q931_HOLD: + q931_display_subcmd(ctrl, c); res = 0; if (!ctrl->hold_support) { /* @@ -8705,6 +8728,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct } return res; case Q931_HOLD_ACKNOWLEDGE: + q931_display_subcmd(ctrl, c); res = 0; master_call = c->master_call; switch (master_call->hold_state) { @@ -8733,6 +8757,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct } return res; case Q931_HOLD_REJECT: + q931_display_subcmd(ctrl, c); res = 0; master_call = c->master_call; switch (master_call->hold_state) { @@ -8760,6 +8785,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct } return res; case Q931_RETRIEVE: + q931_display_subcmd(ctrl, c); res = 0; switch (c->ourcallstate) { case Q931_CALL_STATE_CALL_RECEIVED: 
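Review bot: In the hunk at -8638 the added `q931_display_subcmd(ctrl, c);` sits at the end of its case, just before `return res;`, whereas every other case in this patch makes the call as its first statement. The start of that case is outside the hunk, so it cannot be seen whether an earlier path returns or releases c before this line is reached; if one does, the display text is skipped on that path or c is used after release. Unless the late placement is deliberate, moving the call to the first statement of the case would match the rest of the patch; if it is deliberate, a short comment giving the reason for the ordering would help.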
@@ -8818,6 +8844,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct } return res; case Q931_RETRIEVE_ACKNOWLEDGE: + q931_display_subcmd(ctrl, c); res = 0; master_call = c->master_call; switch (master_call->hold_state) { @@ -8840,6 +8867,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct } return res; case Q931_RETRIEVE_REJECT: + q931_display_subcmd(ctrl, c); res = 0; master_call = c->master_call; switch (master_call->hold_state) { @@ -8889,6 +8917,7 @@ static int post_handle_q931_message(struct pri *ctrl, struct q931_mh *mh, struct default: pri_error(ctrl, "!! Don't know how to post-handle message type %s (0x%X)\n", msg2str(mh->msg), mh->msg); + q931_display_clear(c); q931_status(ctrl,c, PRI_CAUSE_MESSAGE_TYPE_NONEXIST); if (!c->master_call->outboundbroadcast && c->newcall) { /*