[asterisk-bugs] [Asterisk 0017919]: [patch] schedule_delivery calls ast_bridged_channel() on an unlocked channel
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue Sep 21 18:55:59 CDT 2010
The following issue has been RESOLVED.
======================================================================
https://issues.asterisk.org/view.php?id=17919
======================================================================
Reported By: rain
Assigned To: rmudgett
======================================================================
Project: Asterisk
Issue ID: 17919
Category: Channels/chan_iax2
Reproducibility: random
Severity: crash
Priority: normal
Status: resolved
Target Version: 1.6.2.15
Asterisk Version: Older 1.6.2 - please test a newer version
JIRA: SWP-2133
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
Resolution: fixed
Fixed in Version:
======================================================================
Date Submitted: 2010-08-27 15:11 CDT
Last Modified: 2010-09-21 18:55 CDT
======================================================================
Summary: [patch] schedule_delivery calls
ast_bridged_channel() on an unlocked channel
Description:
Near the beginning of schedule_delivery(), ast_bridged_channel() is called
on iaxs[fr->callno]->owner; however, that channel is not locked, which can
result in ast_bridged_channel() crashing should owner->tech change to a
technology that doesn't implement bridged_channel. I spoke with briefly
with russellb on IRC who agreed that this usage is unsafe.
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
has duplicate 0017920 schedule_delivery calls ast_bridged_cha...
======================================================================
----------------------------------------------------------------------
(0127260) svnbot (reporter) - 2010-09-21 18:55
https://issues.asterisk.org/view.php?id=17919#c127260
----------------------------------------------------------------------
Repository: asterisk
Revision: 288192
U branches/1.4/channels/chan_iax2.c
------------------------------------------------------------------------
r288192 | rmudgett | 2010-09-21 18:55:58 -0500 (Tue, 21 Sep 2010) | 26
lines
In chan_iax2.c:schedule_delivery() calls ast_bridged_channel() on an
unlocked channel.
Near the beginning of schedule_delivery(), ast_bridged_channel() is called
on iaxs[fr->callno]->owner. However, the channel is not locked, which can
result in ast_bridged_channel() crashing should owner->tech change to a
technology that doesn't implement bridged_channel.
I also fixed the other calls to ast_bridged_channel() in chan_iax2.c since
the owner lock was not held there either.
Converted the existing channel deadlock avoidance to use
iax2_lock_owner(). Using the new function simplified some awkward code.
In the process of fixing the locking on ast_bridged_channel(), I also
found a memory leak in socket_process() for v1.6.2 and v1.8. The local
struct variable ies.vars is not freed on early/abnormal function exits.
(closes issue https://issues.asterisk.org/view.php?id=17919)
Reported by: rain
Patches:
issue17919_v1.4.patch uploaded by rmudgett (license 664)
issue17919_w_leak_v1.6.2.patch uploaded by rmudgett (license 664)
issue17919_w_leak_v1.8.patch uploaded by rmudgett (license 664)
Review: https://reviewboard.asterisk.org/r/926/
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=288192
Issue History
Date Modified Username Field Change
======================================================================
2010-09-21 18:55 svnbot Note Added: 0127260
2010-09-21 18:55 svnbot Status assigned => resolved
2010-09-21 18:55 svnbot Resolution open => fixed
======================================================================
More information about the asterisk-bugs
mailing list