freetdm: fixing more potential null pointers in native bridge mode.

a2db3c24 · James Zhang · bfefbb55 · a2db3c24 · a2db3c24
--- a/libs/freetdm/src/ftmod/ftmod_sangoma_ss7/ftmod_sangoma_ss7_main.c
+++ b/libs/freetdm/src/ftmod/ftmod_sangoma_ss7/ftmod_sangoma_ss7_main.c
@@ -426,24 +426,33 @@ static void *ftdm_sangoma_ss7_run(ftdm_thread_t * me, void *obj)
 				/* note that the channels being dequeued here may not belong to this span
 				   they may belong to just about any other span that one of our channels
 				   happens to be bridged to */
-				sngss7_chan_data_t *peer_info = peerchan->call_data;
+				sngss7_chan_data_t *peer_info;
-				sngss7_chan_data_t *chan_info = peer_info->peer_data;
+				sngss7_chan_data_t *chan_info;
-				ftdmchan = chan_info->ftdmchan;
+				peer_info = peerchan->call_data;
-				/* 
+				if (peer_info) {
-				   if there is any state changes at all, those will be done in the opposite channel
+					chan_info = peer_info->peer_data;
-				   to peerchan (where the original event was received), therefore we must lock ftdmchan, 
+					if (chan_info) {
-				   but do not need to lock peerchan as we only read its event queue, which is already 
+						ftdmchan = chan_info->ftdmchan;
-				   locked when dequeueing */
+						if (ftdmchan) {
-				ftdm_channel_lock(ftdmchan);
+							/* 
-				/* clean out all pending stack events in the peer channel */
+							   if there is any state changes at all, those will be done in the opposite channel
-				while ((sngss7_event = ftdm_queue_dequeue(peer_info->event_queue))) {
+							   to peerchan (where the original event was received), therefore we must lock ftdmchan, 
-					ftdm_sangoma_ss7_process_peer_stack_event(ftdmchan, sngss7_event);
+							   but do not need to lock peerchan as we only read its event queue, which is already 
-					ftdm_safe_free(sngss7_event);
+							   locked when dequeueing */
-				}
+							ftdm_channel_lock(ftdmchan);
+							/* clean out all pending stack events in the peer channel */
+							while ((sngss7_event = ftdm_queue_dequeue(peer_info->event_queue))) {
+								ftdm_sangoma_ss7_process_peer_stack_event(ftdmchan, sngss7_event);
+								ftdm_safe_free(sngss7_event);
+							}
-				ftdm_channel_unlock(ftdmchan);				
+							ftdm_channel_unlock(ftdmchan);
+						}
+					}
+				}
 			}
 			/* clean out all pending stack events */
@@ -1519,9 +1528,11 @@ ftdm_status_t ftdm_sangoma_ss7_process_state_change (ftdm_channel_t *ftdmchan)
 			 */
 			if (ftdm_test_flag(ftdmchan, FTDM_CHANNEL_OUTBOUND)) {
 				sngss7_chan_data_t *peer_info = sngss7_info->peer_data;
-				sngss7_info->peer_data = NULL;
 				if (peer_info) {
-					peer_info->peer_data = NULL;
+					sngss7_info->peer_data = NULL;
+					if (peer_info) {
+						peer_info->peer_data = NULL;
+					}
 				}
 			}

--- a/libs/freetdm/src/ftmod/ftmod_sangoma_ss7/ftmod_sangoma_ss7_out.c
+++ b/libs/freetdm/src/ftmod/ftmod_sangoma_ss7/ftmod_sangoma_ss7_out.c
@@ -72,21 +72,23 @@ void ft_to_sngss7_iam (ftdm_channel_t * ftdmchan)
 						var, peer_span->signal_type);
 			} else {
 				peer_info = peer_chan->call_data;
-				SS7_INFO_CHAN(ftdmchan,"[CIC:%d]Starting native bridge with peer CIC %d\n", 
+				if (peer_info) {
-						sngss7_info->circuit->cic, peer_info->circuit->cic);
+					SS7_INFO_CHAN(ftdmchan,"[CIC:%d]Starting native bridge with peer CIC %d\n", 
+							sngss7_info->circuit->cic, peer_info->circuit->cic);
-				/* make each one of us aware of the native bridge */
-				peer_info->peer_data = sngss7_info;
+					/* make each one of us aware of the native bridge */
-				sngss7_info->peer_data = peer_info;
+					peer_info->peer_data = sngss7_info;
+					sngss7_info->peer_data = peer_info;
-				/* flush our own queue */
-				sngss7_flush_queue(sngss7_info->event_queue);
+					/* flush our own queue */
+					sngss7_flush_queue(sngss7_info->event_queue);
-				/* Go to up until release comes, note that state processing is done different and much simpler when there is a peer,
-				   We can't go to UP state right away yet though, so do not set the state to UP here, wait until the end of this function
+					/* Go to up until release comes, note that state processing is done different and much simpler when there is a peer,
-                   because moving from one state to another causes the ftdmchan->usrmsg structure to be wiped 
+					   We can't go to UP state right away yet though, so do not set the state to UP here, wait until the end of this function
-				   and we still need those variables for further IAM processing */
+					   because moving from one state to another causes the ftdmchan->usrmsg structure to be wiped 
-				native_going_up = FTDM_TRUE;
+					   and we still need those variables for further IAM processing */
+					native_going_up = FTDM_TRUE;
+				}
 			}
 		}
 	}