From 09bfd5f6f2274139b4cc79cd20815f84b847e7c9 Mon Sep 17 00:00:00 2001 From: harish Date: Wed, 17 May 2023 00:21:21 +0530 Subject: [PATCH] topoh: memory leak fix for API call th_mask_callid_str & th_unmask_callid_str funtions used for API call to encode/decode call-ID uses static array declaration for callid_mbuf was unable to free callid data lump after use and leads to memory leak. when these futions was used through API call for topos memory leak bug as reported qm_free(): BUG: bad pointer 0x7faec4a7xxxx (out of memory block!) called from core: core/data_lump.c: free_lump(470) --- src/modules/topoh/th_msg.c | 36 +++++++----------------------------- 1 file changed, 7 insertions(+), 29 deletions(-) diff --git a/src/modules/topoh/th_msg.c b/src/modules/topoh/th_msg.c index 4762691845a..8698b7ab5d9 100644 --- a/src/modules/topoh/th_msg.c +++ b/src/modules/topoh/th_msg.c @@ -542,11 +542,8 @@ int th_unmask_callid(sip_msg_t *msg) return 0; } -#define TH_CALLID_SIZE 256 - int th_mask_callid_str(str *icallid, str *ocallid) { - static char th_callid_mbuf[TH_CALLID_SIZE]; str out; if(th_param_mask_callid==0) @@ -565,19 +562,9 @@ int th_mask_callid_str(str *icallid, str *ocallid) LM_ERR("cannot encode call-id\n"); return -1; } - - if(out.len>=TH_CALLID_SIZE) { - pkg_free(out.s); - LM_ERR("not enough callid buf size (needed %d)\n", out.len); - return -2; - } - - memcpy(th_callid_mbuf, out.s, out.len); - th_callid_mbuf[out.len] = '\0'; - - pkg_free(out.s); - - ocallid->s = th_callid_mbuf; + + out.s[out.len] = '\0'; + ocallid->s = out.s; ocallid->len = out.len; return 0; @@ -585,7 +572,7 @@ int th_mask_callid_str(str *icallid, str *ocallid) int th_unmask_callid_str(str *icallid, str *ocallid) { - static char th_callid_buf[TH_CALLID_SIZE]; + str out; if(th_param_mask_callid==0) @@ -610,18 +597,9 @@ int th_unmask_callid_str(str *icallid, str *ocallid) LM_ERR("failed to decode call-id\n"); return -2; } - if(out.len>=TH_CALLID_SIZE) { - pkg_free(out.s); - LM_ERR("not enough callid buf size (needed %d)\n", out.len); - return -2; - } - - memcpy(th_callid_buf, out.s, out.len); - th_callid_buf[out.len] = '\0'; - - pkg_free(out.s); - - ocallid->s = th_callid_buf; + + out.s[out.len] = '\0'; + ocallid->s = out.s; ocallid->len = out.len; return 0;