[asterisk-bugs] [Asterisk 0012162]: sipsock_read using unsafe structure

noreply at bugs.digium.com
Tue Jun 24 15:48:04 CDT 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=12162 
====================================================================== 
Reported By:                norman
Assigned To:                svnbot
====================================================================== 
Project:                    Asterisk
Issue ID:                   12162
Category:                   Channels/chan_sip/General
Reproducibility:            random
Severity:                   minor
Priority:                   normal
Status:                     closed
Asterisk Version:           1.4.18 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             03-06-2008 13:09 CST
Last Modified:              06-24-2008 15:48 CDT
====================================================================== 
Summary:                    sipsock_read using unsafe structure
Description: 
While trying to track down a series of crashes after
http://bugs.digium.com/view.php?id=12063 was closed, I
noticed a crash happened after I saw this on the console:

    We could NOT get the channel lock for SIPstation032-06d12ea0! 

Running under valgrind, I noticed that sipsock_read was trying to lock
p->owner (via ast_channel_trylock in the loop), and when this failed, it
unlocks "p" then proceeds to use "p" and even p->owner (also unlocked and
potentially free'd.) Valgrind noted, in the case of the crash, this section
of code was accessing unallocated memory. 

I believe this happens rarely, when a channel has been closed at an
inconvenient time. After I applied this quick patch and the patch from
http://bugs.digium.com/view.php?id=11940, I've never seen this problem while
under valgrind after over a week of testing.
====================================================================== 

---------------------------------------------------------------------- 
 svnbot - 06-24-08 15:48  
---------------------------------------------------------------------- 
Repository: asterisk
Revision: 124909

_U  trunk/

------------------------------------------------------------------------
r124909 | tilghman | 2008-06-24 15:48:03 -0500 (Tue, 24 Jun 2008) | 13 lines

Blocked revisions 124908 via svnmerge

........
r124908 | tilghman | 2008-06-24 15:52:43 -0500 (Tue, 24 Jun 2008) | 6 lines

Don't access the pvt structure if unable to acquire the lock.
(closes issue http://bugs.digium.com/view.php?id=12162)
 Reported by: norman
 Patches: 
       12162-lockfail.diff uploaded by qwell (license 4)

........

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=124909 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
06-24-08 15:48  svnbot         Checkin                                      
06-24-08 15:48  svnbot         Note Added: 0089178                          
======================================================================
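
The locking pattern discussed in this report, as an added example in C that is not part of the original message and is not Asterisk's code: a trylock loop that backs off by releasing the private structure's lock and, once retries run out, returns without touching either structure. The struct names, handle_packet, RETRIES and the atomic_flag locks are assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Hypothetical stand-ins for the SIP private structure and its owner channel. */
struct chan { atomic_flag lock; int frames; };
struct pvt  { atomic_flag lock; struct chan *owner; int handled; };

static int  try_lock(atomic_flag *l) { return !atomic_flag_test_and_set(l); }
static void unlock(atomic_flag *l)   { atomic_flag_clear(l); }

enum { RETRIES = 100 };

/* Returns 1 if the packet was handled, 0 if it was dropped on lock failure. */
int handle_packet(struct pvt *p)
{
    int tries;
    for (tries = 0; tries < RETRIES; tries++) {
        while (!try_lock(&p->lock))
            ;                          /* wait for the pvt lock */
        if (!p->owner || try_lock(&p->owner->lock))
            break;                     /* every lock we need is held */
        unlock(&p->lock);              /* back off so the other side can finish */
    }
    if (tries == RETRIES) {
        /* p was unlocked by the last back-off, so another thread may already
         * have destroyed p or p->owner. The flaw described above is continuing
         * past this point; the safe path touches neither and drops the packet. */
        return 0;
    }

    p->handled++;
    if (p->owner) {
        p->owner->frames++;
        unlock(&p->owner->lock);
    }
    unlock(&p->lock);
    return 1;
}

int main(void)
{
    struct chan c = { ATOMIC_FLAG_INIT, 0 };
    struct pvt p = { ATOMIC_FLAG_INIT, &c, 0 };
    atomic_flag_test_and_set(&c.lock); /* constructed: owner lock held elsewhere */
    printf("contended: %d\n", handle_packet(&p));
    unlock(&c.lock);
    printf("free: %d\n", handle_packet(&p));
    return 0;
}
```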



