[asterisk-bugs] [Asterisk 0015889]: crash because of invalid cdr->dst string
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue Nov 10 15:02:08 CST 2009
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=15889
======================================================================
Reported By: fhackenberger
Assigned To: mnicholson
======================================================================
Project: Asterisk
Issue ID: 15889
Category: CDR/General
Reproducibility: random
Severity: crash
Priority: normal
Status: assigned
Asterisk Version: SVN
JIRA: SWP-314
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.1
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2009-09-14 06:34 CDT
Last Modified: 2009-11-10 15:02 CST
======================================================================
Summary: crash because of invalid cdr->dst string
Description:
The actual crash is due to a race condition with SQLAllocHandle. Asterisk
reconnects to the DB if executing a statement fails. If, at the same time,
another thread tries to execute a statement, we have a crash. Threads 1, 3
in the attached backtrace. However, a failing DB statement during normal
operation should not happen in the first place. The statement which fails
is an INSERT into the asterisk cdr. The reason for aborting the statement
seems to be the field 'dst' which is set to:
(gdb) print /x cdr.dst
$3 = {0xff, 0x0, 0x32, 0x37, 0x0 <repeats 76 times>}
cdr.dst is set to chan.exten when the cdr struct is initialised.
chan.exten in turn is set to "" when the channel struct is initialised. I
cannot see a way for it to be uninitialised.
======================================================================
----------------------------------------------------------------------
(0113614) mnicholson (administrator) - 2009-11-10 15:02
https://issues.asterisk.org/view.php?id=15889#c113614
----------------------------------------------------------------------
I am not sure how a race in SQLAllocHandle() would cause this.
SQLAllocHandle() is called in several places in asterisk without any
locking protecting and a quick google search seems to indicate that it is
thread safe. It does appear that one thread in asterisk is attempting to
allocate a statement handle while another thread is attempting to allocate
a connection handle. The connection handle used in thread 1 has probably
already been destroyed by thread 3. If this is the case, then calling
SQLAllocHandle() on a connection handle that has been freed will cause
problems.
Please you provide the value of obj->con for those two threads. I don't
think this is CDR related, it is more likely a race condition in the way
asterisk handles reconnecting to the database.
Issue History
Date Modified Username Field Change
======================================================================
2009-11-10 15:02 mnicholson Note Added: 0113614
======================================================================
More information about the asterisk-bugs
mailing list