[asterisk-bugs] [Asterisk 0012986]: [patch] segfault in app_chanspy.cpp

noreply at bugs.digium.com
Thu Jul 3 15:03:48 CDT 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=12986 
====================================================================== 
Reported By:                andrew53
Assigned To:                putnopvut
====================================================================== 
Project:                    Asterisk
Issue ID:                   12986
Category:                   Applications/app_chanspy
Reproducibility:            random
Severity:                   crash
Priority:                   normal
Status:                     assigned
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 127434 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             07-03-2008 14:37 CDT
Last Modified:              07-03-2008 15:03 CDT
====================================================================== 
Summary:                    [patch] segfault in app_chanspy.cpp
Description: 
Due to some kind of race condition that I wasn't able to identify exactly
(most likely a channel disconnected while trying to attach to it for
monitoring), ast_bridged_channel(spyee) (called from channel_spy) returns
a null pointer, which start_spying tries to dereference without checking.
Backtrace and patch are attached.
====================================================================== 

---------------------------------------------------------------------- 
 putnopvut - 07-03-08 15:03  
---------------------------------------------------------------------- 
Ah, I see what's happening here. Apparently, Chanspy() is being used on a
channel which is not bridged. This wasn't taken into consideration when
adding barge support to trunk. The patch you provided helps for the case
where start_spying is called with a NULL channel as an argument, but the
problem is that the channel could become NULL during that function call. It
is important to have the bridged channel locked (if it's non-NULL) through
the entire start_spying call. I will have a fix for this committed very
shortly. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
07-03-08 15:03  putnopvut      Note Added: 0089706                          
======================================================================
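
The locking rule from the note above, as an added example that is not part of the original report or of Asterisk's code: a minimal C model in which the hypothetical `struct chan`, `spy_on` and `unbridge` stand in for the real channel structures. It assumes a one-directional bridge link, so the lock order is always spyee, then peer.

```c
#include <pthread.h>
#include <stddef.h>

/* Hypothetical model, not Asterisk's struct ast_channel. The bridge link is
 * one-directional here, so the lock order is always spyee, then peer. */
struct chan {
    pthread_mutex_t lock;
    struct chan *bridge;   /* bridged peer, NULL when not bridged */
    int spies;             /* stands in for attached audio hooks */
};

/* Attach a spy with the peer lock held across the whole attach step. */
static int spy_on(struct chan *spyee)
{
    struct chan *peer;
    pthread_mutex_lock(&spyee->lock);
    peer = spyee->bridge;
    if (peer)
        pthread_mutex_lock(&peer->lock);  /* taken before spyee is released */
    pthread_mutex_unlock(&spyee->lock);
    if (!peer)
        return -1;         /* not bridged: refuse instead of dereferencing */
    peer->spies++;         /* the work that must not race with unbridge() */
    pthread_mutex_unlock(&peer->lock);
    return 0;
}

/* Hangup path: takes the same locks in the same order, so it waits for an
 * attach in progress instead of clearing the link underneath it. */
static void unbridge(struct chan *spyee)
{
    struct chan *old;
    pthread_mutex_lock(&spyee->lock);
    old = spyee->bridge;
    if (old) {
        pthread_mutex_lock(&old->lock);
        spyee->bridge = NULL;
        pthread_mutex_unlock(&old->lock);
    }
    pthread_mutex_unlock(&spyee->lock);
}

int main(void)
{
    struct chan b = { PTHREAD_MUTEX_INITIALIZER, NULL, 0 };
    struct chan a = { PTHREAD_MUTEX_INITIALIZER, &b, 0 };
    int first = spy_on(&a);               /* bridged: attaches */
    unbridge(&a);
    return (first == 0 && spy_on(&a) == -1 && b.spies == 1) ? 0 : 1;
}
```

A NULL check at function entry alone would cover only the unbridged case; holding the peer lock is what keeps `unbridge` from running between the check and the attach.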



