[asterisk-bugs] [Asterisk 0012986]: [patch] segfault in app_chanspy.cpp

noreply at bugs.digium.com noreply at bugs.digium.com
Thu Jul 3 15:48:30 CDT 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=12986 
====================================================================== 
Reported By:                andrew53
Assigned To:                putnopvut
====================================================================== 
Project:                    Asterisk
Issue ID:                   12986
Category:                   Applications/app_chanspy
Reproducibility:            random
Severity:                   crash
Priority:                   normal
Status:                     assigned
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 127434 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             07-03-2008 14:37 CDT
Last Modified:              07-03-2008 15:48 CDT
====================================================================== 
Summary:                    [patch] segfault in app_chanspy.cpp
Description: 
Due to some kind of race condition that I wasn't able to identify exactly
(most likely a channel disconnected while trying to attach to it for
monitoring), ast_bridged_channel(spyee) (called from channel_spy) returns
a null pointer, which start_spying tries to dereference without checking.
Backtrace and patch are attached.
====================================================================== 

---------------------------------------------------------------------- 
 andrew53 - 07-03-08 15:48  
---------------------------------------------------------------------- 
Why not like this though?

Index: apps/app_chanspy.c
===================================================================
--- apps/app_chanspy.c  (revision 127831)
+++ apps/app_chanspy.c  (working copy)
@@ -364,7 +364,7 @@
        start_spying(spyee, spyer_name, &csth.whisper_audiohook); /*
Unlocks spyee */
        if ((spyee_bridge = ast_bridged_channel(spyee))) {
                ast_channel_lock(spyee_bridge);
-               start_spying(ast_bridged_channel(spyee), spyer_name,
&csth.bridge_whisper_audiohook);
+               start_spying(spyee_bridge, spyer_name,
&csth.bridge_whisper_audiohook);
                ast_channel_unlock(spyee_bridge);
        }
        ast_channel_unlock(spyee); 
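
Review bot: spyee_bridge is looked up in the if condition and only locked on the following line, so reusing the pointer removes the second ast_bridged_channel(spyee) call that could return NULL but does not show what keeps the bridged channel alive between the lookup and ast_channel_lock(spyee_bridge). The comment on the first call says start_spying "Unlocks spyee", which suggests spyee is no longer locked when the bridge is fetched. Please confirm the lookup happens under a lock or reference that pins the bridged channel, or say in a comment why the window is safe. The same comment also raises a locking question for the unchanged lines: if start_spying unlocks the channel it is given, the ast_channel_unlock(spyee_bridge) after the second call and the trailing ast_channel_unlock(spyee) would each be a second unlock, so either the comment or the unlock calls need correcting.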

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
07-03-08 15:48  andrew53       Note Added: 0089716                          
======================================================================



