[asterisk-bugs] [Asterisk 0012712]: MWI event mailbox and context strings in mwist struct destroyed at ast_taskprocessor_push

noreply at bugs.digium.com
Fri May 23 13:31:29 CDT 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=12712 
====================================================================== 
Reported By:                tomo1657
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   12712
Category:                   Applications/app_voicemail
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 118059 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             05-23-2008 12:23 CDT
Last Modified:              05-23-2008 13:31 CDT
====================================================================== 
Summary:                    MWI event mailbox and context strings in mwist
struct destroyed at ast_taskprocessor_push
Description: 
When mwi_sub_event_cb() calls ast_taskprocessor_push(), the strings
"mwist->mailbox" and "mwist->context" are no longer pointing to reliable
memory when handle_subscribe() is called in the processor when *datap is
accessed to retrieve the strings.

This results in messagecount() looking for mailboxes and contexts which
aren't proper strings, usually close to the original strings but sometimes
referencing something completely different.

Sample errors when the subscription is supposed to be 82623 at default:

app_voicemail.c:3188 messagecount: Couldn't find mailbox  \MailboxExists
in context xExists

app_voicemail.c:3188 messagecount: Couldn't find mailbox 3 in context
default

app_voicemail.c:3188 messagecount: Couldn't find mailbox 82623 in context
defaul0

app_voicemail.c:3188 messagecount: Couldn't find mailbox started at [ 
440]
taskprocessor.c ast_taskprocessor_get() in context  [  440]
taskprocessor.c ast_taskprocessor_get()

As a test, I set the strings inside handle_subscribe to something
constant, and all the subsequent queueing was fine:

static int handle_subscribe(void *datap)
{
  unsigned int len;
  struct mwi_sub *mwi_sub;
  struct mwi_sub_task *p = datap;

  p->mailbox="82623";
  p->context="default";
  ...

But if I set the mwist data right before ast_taskprocessor_push() is
called in mwi_sub_event_cb(), the data is no longer reliable inside
handle_subscribe():

  ...
  p->mailbox="82623";
  p->context="default";
  if (ast_taskprocessor_push(mwi_subscription_tps, handle_subscribe, mwist) < 0) {
    ast_free(mwist);
  }
}

So the task processor push process must be destroying the mwist struct
data, or the data is being lost somehow.  I couldn't pinpoint where or
why, but not freeing mwist didn't solve the issue.

====================================================================== 

---------------------------------------------------------------------- 
 putnopvut - 05-23-08 13:31  
---------------------------------------------------------------------- 
I took a look at this and I have a hypothesis of what's happening wrong,
but I'm not 100% certain. What I think is happening is not that the
taskprocessor is changing the data, but that the copying of the strings
into the mwist struct is not deep enough. What's happening is that instead
of doing a deep copy of the strings, we instead do a shallow pointer
assignment. As soon as mwi_sub_event_cb returns, the event system frees the
event from which the information was taken, meaning that the taskprocessor
now is operating using pointers to invalid memory. I suspect that a deeper
copy in mwi_sub_event_cb will fix the issue. I will create a patch and
upload it so that you may test it. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
05-23-08 13:31  putnopvut      Note Added: 0087270                          
======================================================================
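
The shallow-versus-deep copy hypothesis in the note above, as an added example that is not Asterisk code and not the patch referred to. All names (struct event, struct sub_task, event_fire, task_shallow, task_deep, survives_reuse) are hypothetical, and a static slot stands in for event memory that is recycled after the callback returns, so the stale read is well-defined here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for this example; not Asterisk's types or API. */
struct event { char mailbox[32]; char context[32]; };
struct sub_task { const char *mailbox, *context; char *owned; };
static struct event slot; /* models event memory recycled after the callback returns */

static struct event *event_fire(const char *mailbox, const char *context) {
    snprintf(slot.mailbox, sizeof(slot.mailbox), "%s", mailbox);
    snprintf(slot.context, sizeof(slot.context), "%s", context);
    return &slot;
}

/* Shallow: the task only borrows pointers into the event. */
static struct sub_task *task_shallow(const struct event *ev) {
    struct sub_task *t = calloc(1, sizeof(*t));
    if (t) { t->mailbox = ev->mailbox; t->context = ev->context; }
    return t;
}

/* Deep: the task owns one allocation holding both strings. */
static struct sub_task *task_deep(const struct event *ev) {
    size_t mlen = strlen(ev->mailbox) + 1, clen = strlen(ev->context) + 1;
    struct sub_task *t = calloc(1, sizeof(*t));
    if (!t || !(t->owned = malloc(mlen + clen))) { free(t); return NULL; }
    t->mailbox = memcpy(t->owned, ev->mailbox, mlen);
    t->context = memcpy(t->owned + mlen, ev->context, clen);
    return t;
}

/* Queue a task for 82623@default, reuse the event memory (constructed second
 * event), then check that the deferred handler still reads the original strings. */
static int survives_reuse(struct sub_task *(*make)(const struct event *)) {
    struct sub_task *t = make(event_fire("82623", "default"));
    if (!t) return -1;
    event_fire("MailboxExists", "xExists");
    int ok = !strcmp(t->mailbox, "82623") && !strcmp(t->context, "default");
    free(t->owned); free(t);
    return ok;
}

int main(void) {
    printf("shallow intact: %d\n", survives_reuse(task_shallow));
    printf("deep intact: %d\n", survives_reuse(task_deep));
    return 0;
}
```

With a deep copy the task must also free its own strings when it completes, which is why the hypothetical sub_task carries an owned pointer.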
