[asterisk-bugs] [Asterisk 0014478]: Blind transfer to parking from SIP phone crashes Asterisk

Asterisk Bug Tracker noreply at bugs.digium.com
Thu Feb 19 18:38:21 CST 2009


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=14478 
====================================================================== 
Reported By:                erik_dedecker
Assigned To:                jpeeler
====================================================================== 
Project:                    Asterisk
Issue ID:                   14478
Category:                   Features/Parking
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     acknowledged
Asterisk Version:           1.6.0.5 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2009-02-14 06:22 CST
Last Modified:              2009-02-19 18:38 CST
====================================================================== 
Summary:                    Blind transfer to parking from SIP phone crashes
Asterisk
Description: 
ested with SIP phone Thomson ST2030 firmware V1.66 (and others)

After a BLIND transfer to a parking lot, using the phone transfer button,
the ST2030 hangsup the call ( channel status is AST_CAUSE_NORMAL_CLEARING
16)

Two issues arise : 

1. the saydigits application (ast_say_digits line 502 in features.c)
announcing the parking lot, tries to acces a hangup channel and crashes
Asterisk.

2. If this line is commented to avoid the issue, chan_sip.c tries to free
the allocated channel structures ( ast_free(d->req.data)lines 15901 150903
in chan_sip.c) and crashes Asterisk with a glibc free() error.

Before making any suggestions on how to correct the issue I would like to
have your advise on how avoid the crash by testing the channel status
before calling ast_say_digits and ast_free(d->req.data)

Testing d->chan2->hangupcause and not calling free() may not be the
solution because the channel still hangs arround. You can check this at the
CLI with core show channels. At a stop now it will eventually clear but its
not nice to have zombies hanging around !

Thanks in advance  

Erik


====================================================================== 

---------------------------------------------------------------------- 
 (0100426) svnbot (reporter) - 2009-02-19 18:38
 http://bugs.digium.com/view.php?id=14478#c100426 
---------------------------------------------------------------------- 
Repository: asterisk
Revision: 177626

_U  branches/1.6.1/
U   branches/1.6.1/channels/chan_sip.c

------------------------------------------------------------------------
r177626 | jpeeler | 2009-02-19 18:38:20 -0600 (Thu, 19 Feb 2009) | 13
lines

Merged revisions 177624 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/trunk

........
  r177624 | jpeeler | 2009-02-19 18:35:53 -0600 (Thu, 19 Feb 2009) | 7
lines
  
  Set sip_request ast_str data to NULL so ast_str_copy allocates space
properly
  in copy_request
  
  (issue http://bugs.digium.com/view.php?id=14478)
  Reported by: erik_dedecker
........

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=177626 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-02-19 18:38 svnbot         Checkin                                      
2009-02-19 18:38 svnbot         Note Added: 0100426                          
======================================================================




More information about the asterisk-bugs mailing list