[asterisk-bugs] [Asterisk 0012590]: crash on call transfer

noreply at bugs.digium.com noreply at bugs.digium.com
Tue May 6 16:45:43 CDT 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=12590 
====================================================================== 
Reported By:                vi
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   12590
Category:                   Core-General
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     new
Asterisk Version:           1.4.19 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             05-06-2008 09:04 CDT
Last Modified:              05-06-2008 16:45 CDT
====================================================================== 
Summary:                    crash on call transfer
Description: 
asterisk 1.4.19.1 crashes when I try to transfer a call from one SIP phone
to another.
====================================================================== 

---------------------------------------------------------------------- 
 davidw - 05-06-08 16:45  
---------------------------------------------------------------------- 
On a quick look of the code, it looks like the parking thread isn't started
if there is no features.conf, but the parking extension is still
initialised to the default of "700", and ast_parking_ext returns it without
checking whether parking is properly initialised.

The magic handling of transfers to the parking extension in the SIP
channel doesn't check the result of ast_parking_ext before comparing it
(which would make setting it to NULL unsafe).  Incidentally it also ignores
the context in doing the check.

As a result, attempting a SIP transfer to 700 causes an attempt to send a
signal to a thread whose thread descriptor hasn't been initialised.

If you are using 700 and 701 as real extensions, and don't have a
features.conf, a workaround would be to add a features.conf and set the
parking extension to something safe, maybe alphabetic.  I'm not sure if a
proper fix can just get away with setting the value to an empty string, or
whether that can be a legitimate target of a SIP transfer.

Please confirm that you don't have features.conf and that 700 and 701 are
"real" extensions. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
05-06-08 16:45  davidw         Note Added: 0086503                          
======================================================================
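
The failure mode described in the note above, modelled as an added example (this is not Asterisk source and not part of the original report): a default extension that exists even when the worker thread was never started, next to a guarded getter, a NULL-safe comparison, and a wake-up that refuses to signal an uninitialised thread handle. All function and variable names are hypothetical, and the use of SIGURG as the wake-up signal is an assumption made for the sketch.

```c
#include <pthread.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical model of the parking state; names are illustrative, not Asterisk's. */
static const char parking_ext[] = "700"; /* default exists even with no config file */
static pthread_t parking_thread;         /* meaningful only after park_start() succeeds */
static int parking_ready;                /* set once the thread really exists */

static void *park_loop(void *arg) { (void)arg; for (;;) sleep(1); return NULL; }

/* Called only when configuration was loaded; returns 0 on success. */
int park_start(void) {
    if (parking_ready) return 0;
    if (pthread_create(&parking_thread, NULL, park_loop, NULL) != 0) return -1;
    parking_ready = 1;
    return 0;
}

/* Pattern from the note: hands out the default whether or not parking is running. */
const char *park_ext_unchecked(void) { return parking_ext; }

/* Guarded getter: no usable parking extension until the thread is running. */
const char *park_ext(void) { return parking_ready ? parking_ext : NULL; }

/* NULL-safe comparison for the transfer path. */
int is_park_transfer(const char *target) {
    const char *ext = park_ext();
    return ext != NULL && target != NULL && strcmp(target, ext) == 0;
}

/* Wake the parking thread; refuses to touch an uninitialised pthread_t. */
int park_wake(void) {
    if (!parking_ready) return -1;
    return pthread_kill(parking_thread, SIGURG); /* SIGURG is ignored by default */
}

int main(void) {
    /* No park_start() yet: models running without features.conf. */
    int before = is_park_transfer("700"); /* treated as an ordinary extension */
    int wake_before = park_wake();        /* nothing is signalled */
    if (park_start() != 0) return 1;
    return !(before == 0 && wake_before == -1 &&
             is_park_transfer("700") && park_wake() == 0);
}
```

Build with `-pthread`. The guarded getter returning NULL is only safe because the comparison checks for it, which is the coupling the note points out.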