[asterisk-bugs] [JIRA] (ASTERISK-21893) Segfault after call hangup

Matt Jordan (JIRA) noreply at issues.asterisk.org
Mon Jun 10 12:07:03 CDT 2013


    [ https://issues.asterisk.org/jira/browse/ASTERISK-21893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=207119#comment-207119 ] 

Matt Jordan commented on ASTERISK-21893:
----------------------------------------

Well this is no good.

In {{sip_pri}}, we explicitly check for the existence of the owning channel before attempting to set the hangup cause:

{noformat}
				if (pri->pvts[chanpos]->owner) {
					int do_hangup = 0;

					snprintf(cause_str, sizeof(cause_str), "PRI PRI_EVENT_HANGUP_REQ (%d)", e->hangup.cause);
					pri_queue_pvt_cause_data(pri, chanpos, cause_str, e->hangup.cause);

					ast_channel_hangupcause_set(pri->pvts[chanpos]->owner, e->hangup.cause);
{noformat}

If {{pri->pvts[chanpos]->owner}} is not NULL but is set to NULL by the time it reaches {{ast_channel_hangupcause_set}}, there's a race condition someplace and someone is deref-ing the channel when they shouldn't be.

Can you provide the relevant portions of your dialplan, as well as a DEBUG log leading up to the crash? That might provide some insight into what occurred and where the race condition lies.

                
> Segfault after call hangup
> --------------------------
>
>                 Key: ASTERISK-21893
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-21893
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>    Affects Versions: 11.2.1
>            Reporter: Alexandr Gordeev
>            Severity: Critical
>         Attachments: backtrace_20130514.txt
>
>
> {code}#0  0x080d0e68 in ast_channel_hangupcause_set (chan=0x0, value=16) at channel_internal_api.c:580
> #1  0xb5c244d2 in pri_dchannel (vpri=0xb5c40198) at sig_pri.c:7137
> #2  0x081b8735 in dummy_start (data=0x894c060) at utils.c:1028
> #3  0xb7257955 in start_thread () from /lib/i686/cmov/libpthread.so.0
> #4  0xb767e58e in clone () from /lib/i686/cmov/libc.so.6{code}

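The check-then-use window described in the comment above, as an added C example (not Asterisk code and not part of the original message). The structs, the `window` callback standing in for the other thread, and the reference-pinning variant are all constructed for illustration; the cause value 16 is the one shown in the backtrace.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for illustration; not Asterisk's real types. */
struct channel { int refs; int hangupcause; int freed; };
struct pvt { struct channel *owner; };

/* Dropping the last reference marks the channel destroyed (flag, so it can be inspected). */
static void chan_unref(struct channel *c) { if (--c->refs == 0) c->freed = 1; }

/* Stand-in for the other thread: detaches the owner and releases its reference. */
static void concurrent_hangup(struct pvt *p) {
    struct channel *c = p->owner;
    p->owner = NULL;
    if (c) chan_unref(c);
}

/* 0 = cause stored, -1 = NULL or destroyed channel (chan=0x0 in frame #0). */
static int set_cause(struct channel *c, int cause) {
    if (!c || c->freed) return -1;
    c->hangupcause = cause;
    return 0;
}

/* Check-then-use: p->owner is read twice, with a window between the reads. */
static int hangup_req_racy(struct pvt *p, int cause, void (*window)(struct pvt *)) {
    if (!p->owner) return 1;            /* no owner, nothing to do */
    window(p);                          /* owner may be cleared here */
    return set_cause(p->owner, cause);  /* second read sees NULL */
}

/* Read owner once, pin it with a reference, then use only the pinned pointer. */
static int hangup_req_pinned(struct pvt *p, int cause, void (*window)(struct pvt *)) {
    struct channel *c = p->owner;  /* assumption: real code reads and refs under the pvt lock */
    int rc;
    if (!c) return 1;
    c->refs++;                     /* channel cannot be destroyed while pinned */
    window(p);
    rc = set_cause(c, cause);
    chan_unref(c);
    return rc;
}

int main(void) {
    struct channel a = {1, 0, 0}, b = {1, 0, 0};
    struct pvt pa = {&a}, pb = {&b};
    printf("racy:   %d\n", hangup_req_racy(&pa, 16, concurrent_hangup));
    printf("pinned: %d\n", hangup_req_pinned(&pb, 16, concurrent_hangup));
    return 0;
}
```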