[asterisk-bugs] [Asterisk 0017363]: [patch] Redirecting ;1 side of local channel during optimisation causes double free of ;1 side and crash
Asterisk Bug Tracker
noreply at bugs.digium.com
Thu May 20 06:31:56 CDT 2010
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=17363
======================================================================
Reported By: davidw
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 17363
Category: Core/General
Reproducibility: sometimes
Severity: crash
Priority: normal
Status: acknowledged
Asterisk Version: SVN
JIRA: SWP-1513
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.2
SVN Revision (number only!): 264112
Request Review:
======================================================================
Date Submitted: 2010-05-19 11:17 CDT
Last Modified: 2010-05-20 06:31 CDT
======================================================================
Summary: [patch] Redirecting ;1 side of local channel during
optimisation causes double free of ;1 side and crash
Description:
If the ;1 side of a local channel is redirected between the
ast_channel_masquerade call and the ast_do_masquerade call resulting from
the channel being answered and optimised, the ;1 side gets double freed
and, without MALLOC_DEBUG, free() calls abort(), crashing Asterisk.
Scenario. With MALLOC_DEBUG enabled, use ChannelRedirect on the ;1 side
of a local channel marginally after the ;2 side has been answered.
Expect. Redirect fails gracefully and optimisation completes.
Actual. Sometimes the original ;1 side channel structure is freed twice.
(With MALLOC_DEBUG not enabled, but using 1.6.1.0, free() calls abort() and
crashes Asterisk.)
======================================================================
----------------------------------------------------------------------
(0122200) davidw (reporter) - 2010-05-20 06:31
https://issues.asterisk.org/view.php?id=17363#c122200
----------------------------------------------------------------------
I think I may have got my original and clone terminology crossed. However,
with the patch that I have just uploaded, I now get this (reasonable)
message if the race window is fully met:
[May 20 12:18:02] WARNING[5970]: channel.c:4303 ast_channel_masquerade: SIP/6105-00000007 is already going to masquerade as Local/6999@default-607c;1
Both with and without the patch, one gets this message if the window is
over-shot:
[May 20 12:17:57] WARNING[5967]: app_channelredirect.c:92 asyncgoto_exec: No such channel: Local/6999@default-8c5d;1
Whilst I suspect that all four combinations of original/clonechan and
masq/masqr should be faulted, the remaining case doesn't apply for my
problem, so I cannot really exercise it and have left it out of the patch.
Issue History
Date Modified Username Field Change
======================================================================
2010-05-20 06:31 davidw Note Added: 0122200
======================================================================
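A simplified model of the schedule-then-execute window described in this report, added here as an illustration; it is not code from Asterisk or from the uploaded patch. The struct, the function names and the release counter are hypothetical. The guard rejects all four original/clone and masq/masqr combinations mentioned in the note, and the demo uses the simplest double-release case (one channel queued as the clone twice) rather than the exact Asterisk call sequence.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy channel, not Asterisk's struct ast_channel. */
struct chan {
    struct chan *masq;   /* pending: channel this one will absorb */
    struct chan *masqr;  /* pending: channel that will absorb this one */
    int releases;        /* counted instead of calling free() */
};

/* Phase 1: queue a masquerade. With guard set, refuse when either channel
 * is already part of a pending one (original/clone x masq/masqr). */
static int schedule_masq(struct chan *orig, struct chan *clone, int guard)
{
    if (guard && (orig->masq || orig->masqr || clone->masq || clone->masqr))
        return -1;
    orig->masq = clone;
    clone->masqr = orig;
    return 0;
}

/* Phase 2, run some time later: absorb the clone and release it. */
static void do_masq(struct chan *orig)
{
    struct chan *clone = orig->masq;
    if (!clone)
        return;
    orig->masq = NULL;
    clone->masqr = NULL;
    clone->releases++;
}

/* Two requests hit channel x inside the window between the two phases.
 * Returns how many times x ends up released. */
static int race_releases(int guard)
{
    struct chan a = { NULL, NULL, 0 }, b = { NULL, NULL, 0 }, x = { NULL, NULL, 0 };

    schedule_masq(&a, &x, guard);   /* first request queued */
    schedule_masq(&b, &x, guard);   /* second request arrives before phase 2 */
    do_masq(&a);
    do_masq(&b);
    return x.releases;
}

int main(void)
{
    printf("unguarded: %d, guarded: %d\n", race_releases(0), race_releases(1));
    return 0;
}
```

Without the guard the second request is accepted and x is released twice; with it the second request fails at scheduling time and x is released once.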