[asterisk-bugs] [Asterisk 0010301]: [patch] channel_find_locked causes loops (e.g. in handle_chanlist)

noreply at bugs.digium.com noreply at bugs.digium.com
Mon Jul 30 10:24:20 CDT 2007 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=10301 
====================================================================== 
Reported By:                fnordian
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   10301
Category:                   Core/Channels
Reproducibility:            sometimes
Severity:                   crash
Priority:                   normal
Status:                     feedback
Asterisk Version:           1.4.9  
SVN Branch (only for SVN checkouts, not tarball releases): N/A  
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             07-25-2007 09:44 CDT
Last Modified:              07-30-2007 10:24 CDT
====================================================================== 
Summary:                    [patch] channel_find_locked causes loops (e.g. in
handle_chanlist)
Description: 
Hi,
an error in channel_find_locked causes asterisk to loop under certain
circumstances. This happens when the function retries to find a channel
because it was locked. The prev-reference is already overwritten (NULL)
when the function walks through the list again. So the first element
matches and the whole thing (i.e. the using function) might start to loop.

====================================================================== 

---------------------------------------------------------------------- 
 fnordian - 07-30-07 10:24  
---------------------------------------------------------------------- 
channel_find_locked loops through the channel list and tries to find the
next matching channel. if there's a previous channel (prev), it loops
through the list, until it finds prev, skips it and sets prev = NULL. Then
the function tries to lock the channel and if that fails, it starts again
searching the channel list _from_the_beginning_ because prev is set to
zero. So the loop stops at the first element matching, instead of walking
through the list until prev. 

The patch restores prev before the funtion does the list-traversal again
and so fixes the bug. 
A better approach might be to only retry the locking instead of
list-traversal but this would block the list and might lead to a deadlock. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
07-30-07 10:24  fnordian       Note Added: 0068056                          
======================================================================

More information about the asterisk-bugs mailing list