[asterisk-bugs] [Asterisk 0017363]: [patch] Redirecting ; 1 side of local channel during optimisation causes double free of ; 1 side and crash
Asterisk Bug Tracker
noreply at bugs.digium.com
Mon Sep 20 17:57:49 CDT 2010
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=17363
======================================================================
Reported By: davidw
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 17363
Category: Core/General
Reproducibility: sometimes
Severity: crash
Priority: normal
Status: confirmed
Asterisk Version: SVN
JIRA: SWP-1513
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.2
SVN Revision (number only!): 264112
Request Review:
======================================================================
Date Submitted: 2010-05-19 11:17 CDT
Last Modified: 2010-09-20 17:57 CDT
======================================================================
Summary: [patch] Redirecting ;1 side of local channel during
optimisation causes double free of ;1 side and crash
Description:
If the ;1 side of a local channel is redirected between the
ast_channel_masquerade call and the ast_do_masquerade call resulting from
the channel being answered and optimised, the ;1 side gets double freed
and, without MALLOC_DEBUG, free() calls abort(), crashing Asterisk.
Scenario. With MALLOC_DEBUG enabled, use ChannelRedirect on the ;q side
of a local channel marginally after the ;2 side has been answered.
Expect. Redirect fails gracefully and optimisation completes.
Actual. Sometimes the original ;1 side channel structure is freed twice.
(With MALLOC_DEBUG not enabled, but using 1.6.1.0, free() calls abort() and
crashes Asterisk.)
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
related to 0016057 [patch] Asterisk crashes with "Fix...
related to 0017567 Asterisk crashes after redirect
======================================================================
----------------------------------------------------------------------
(0127155) svnbot (reporter) - 2010-09-20 17:57
https://issues.asterisk.org/view.php?id=17363#c127155
----------------------------------------------------------------------
Repository: asterisk
Revision: 287682
U branches/1.4/main/channel.c
------------------------------------------------------------------------
r287682 | alecdavis | 2010-09-20 17:57:49 -0500 (Mon, 20 Sep 2010) | 18
lines
ast_channel_masquerade: Avoid recursive masquerades.
Check all 4 combinations of (original/clonechan) * (masq/masqr).
Initially original->masq and clonechan->masqr were only checked.
It's possible with multiple masq's planned - and not yet executed, that
the 'original' chan could already have another masq'd into it - thus
original->masqr
would be set, that masqr would lost.
Likewise for the clonechan->masq.
(closes issue
https://issues.asterisk.org/view.php?id=16057;https://issues.asterisk.org/view.php?id=17363)
Reported by: amorsen;davidw,alecdavis
Patches:
bug16057.diff4.txt uploaded by alecdavis (license 585)
Tested by: ramonpeek, davidw, alecdavis
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=287682
Issue History
Date Modified Username Field Change
======================================================================
2010-09-20 17:57 svnbot Checkin
2010-09-20 17:57 svnbot Note Added: 0127155
======================================================================
More information about the asterisk-bugs
mailing list