[asterisk-bugs] [Asterisk 0014623]: Race condition between bridge and channel masquerading

Sun Mar 8 20:33:08 CDT 2009

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=14623 
====================================================================== 
Reported By:                guillecabeza
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   14623
Category:                   Core/Channels
Reproducibility:            sometimes
Severity:                   crash
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 180032 
Request Review:              
====================================================================== 
Date Submitted:             2009-03-08 16:07 CDT
Last Modified:              2009-03-08 20:33 CDT
====================================================================== 
Summary:                    Race condition between bridge and channel
masquerading
Description: 
The bridge checks for zombieness

/* Stop if we're a zombie or need a soft hangup */
		if (ast_test_flag(c0, AST_FLAG_ZOMBIE) || ast_check_hangup_locked(c0)
||
		    ast_test_flag(c1, AST_FLAG_ZOMBIE) || ast_check_hangup_locked(c1))
{

To see if some of the channels is going through a masquerading, but non
atomically, access to channel member variables happens a few lines later

if (!ast_strlen_zero(pbx_builtin_getvar_helper(c0, "BRIDGEPEER")))
     pbx_builtin_setvar_helper(c0, "BRIDGEPEER", c1->name);

Without locking on those acceses. That causes random crashes when the
memory is touched or free'd later.

====================================================================== 

---------------------------------------------------------------------- 
 (0101347) tilghman (administrator) - 2009-03-08 20:33
 http://bugs.digium.com/view.php?id=14623#c101347 
---------------------------------------------------------------------- 
When you're reporting a crash, we'd really prefer if you could submit a
stack backtrace, as detailed in doc/backtrace.txt, along with the report. 
If you'd like to submit a patch as well, that would be fine.

In terms of locking order, the code does not currently enforce a
particular order.  However, the stated policy for locking order between
channels is to lock the lowest memory address first.  The way it's
currently implemented in other places, though, is with trylock deadlock
avoidance.  You're welcome to implement either way, as we are not yet
enforcing the stated locking order. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-03-08 20:33 tilghman       Note Added: 0101347                          
======================================================================