[asterisk-bugs] [Asterisk 0017365]: Race condition causes manager session event list to underflow causing null pointer de-ref and crash.

Asterisk Bug Tracker noreply at bugs.digium.com
Fri May 21 11:49:58 CDT 2010


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=17365 
====================================================================== 
Reported By:                davidw
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   17365
Category:                   Core/ManagerInterface
Reproducibility:            sometimes
Severity:                   crash
Priority:                   normal
Status:                     ready for testing
Asterisk Version:           SVN 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.2 
SVN Revision (number only!): 264112 
Request Review:              
====================================================================== 
Date Submitted:             2010-05-20 12:26 CDT
Last Modified:              2010-05-21 11:49 CDT
====================================================================== 
Summary:                    Race condition causes manager session event list to
underflow causing null pointer de-ref and crash.
Description: 
There is a flaw in the reference count logic for events in manager.c which
means about once in the order of 100,000,000 events, the last event gets
purged, resulting in trying to dereference a null last_ev pointer at:

0x0811b951 in process_events (s=0xb773819c) at manager.c:2685
2685       while ( (eqe = NEW_EVENT(s)) ) {

Scenario.  Run Asterisk for long enough with a manager logged in and
events being generated.

Expect.  Nothing untoward.

Get. Crash, as above.
======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0017234 [patch] Memory leak in manager.c
====================================================================== 

---------------------------------------------------------------------- 
 (0122255) davidw (reporter) - 2010-05-21 11:49
 https://issues.asterisk.org/view.php?id=17365#c122255 
---------------------------------------------------------------------- 
The code looks OK, with the caveat that I'm assuming that the list
management macros do sensible things.

As my original test started from an assumption about where the race
condition was and it is now assumed to have gone away, we can only really
do a general regression test of the AMI interface part of our application,
and make sure there are no obvious new problems.  That will probably happen
sometime next week. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-05-21 11:49 davidw         Note Added: 0122255                          
======================================================================



