[asterisk-bugs] [Asterisk 0017365]: Race condition causes manager session event list to underflow causing null pointer de-ref and crash.
Asterisk Bug Tracker
noreply at bugs.digium.com
Thu May 20 13:29:50 CDT 2010
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=17365
======================================================================
Reported By: davidw
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 17365
Category: Core/ManagerInterface
Reproducibility: sometimes
Severity: crash
Priority: normal
Status: new
Asterisk Version: SVN
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.2
SVN Revision (number only!): 264112
Request Review:
======================================================================
Date Submitted: 2010-05-20 12:26 CDT
Last Modified: 2010-05-20 13:29 CDT
======================================================================
Summary: Race condition causes manager session event list to
underflow causing null pointer de-ref and crash.
Description:
There is a flaw in the reference count logic for events in manager.c which
means about once in the order of 100,000,000 events, the last event gets
purged, resulting in an attempt to dereference a null last_ev pointer at:
0x0811b951 in process_events (s=0xb773819c) at manager.c:2685
2685 while ( (eqe = NEW_EVENT(s)) ) {
Scenario. Run Asterisk for long enough with a manager logged in and
events being generated.
Expect. Nothing untoward.
Get. Crash, as above.
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
related to 0017234 [patch] Memory leak in manager.c
======================================================================
----------------------------------------------------------------------
(0122219) tilghman (administrator) - 2010-05-20 13:29
https://issues.asterisk.org/view.php?id=17365#c122219
----------------------------------------------------------------------
Work on the related issue https://issues.asterisk.org/view.php?id=17234
produced a patch that should fix that exact race condition.
Issue History
Date Modified Username Field Change
======================================================================
2010-05-20 13:29 tilghman Note Added: 0122219
======================================================================