[asterisk-bugs] [Asterisk 0014623]: Race condition between bridge and channel masquerading

Mon Mar 9 07:17:59 CDT 2009

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=14623 
====================================================================== 
Reported By:                guillecabeza
Assigned To:                russell
====================================================================== 
Project:                    Asterisk
Issue ID:                   14623
Category:                   Core/Channels
Reproducibility:            sometimes
Severity:                   crash
Priority:                   normal
Status:                     assigned
Asterisk Version:           SVN 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 180032 
Request Review:              
====================================================================== 
Date Submitted:             2009-03-08 16:07 CDT
Last Modified:              2009-03-09 07:17 CDT
====================================================================== 
Summary:                    Race condition between bridge and channel
masquerading
Description: 
The bridge checks for zombieness

/* Stop if we're a zombie or need a soft hangup */
		if (ast_test_flag(c0, AST_FLAG_ZOMBIE) || ast_check_hangup_locked(c0)
||
		    ast_test_flag(c1, AST_FLAG_ZOMBIE) || ast_check_hangup_locked(c1))
{

To see if some of the channels is going through a masquerading, but non
atomically, access to channel member variables happens a few lines later

if (!ast_strlen_zero(pbx_builtin_getvar_helper(c0, "BRIDGEPEER")))
     pbx_builtin_setvar_helper(c0, "BRIDGEPEER", c1->name);

Without locking on those acceses. That causes random crashes when the
memory is touched or free'd later.

====================================================================== 

---------------------------------------------------------------------- 
 (0101361) russell (administrator) - 2009-03-09 07:17
 http://bugs.digium.com/view.php?id=14623#c101361 
---------------------------------------------------------------------- 
Tilghman, where is that stated as the policy for locking order?  I don't
know of a single place in the code that does that.  If it does, it's wrong,
as that is not sufficient to avoid deadlocks because of the use of
recursive locks. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-03-09 07:17 russell        Note Added: 0101361                          
======================================================================