[asterisk-bugs] [JIRA] (ASTERISK-21297) Segmentation fault on hangup
German Becker (JIRA)
noreply at issues.asterisk.org
Mon Mar 18 10:03:01 CDT 2013
[ https://issues.asterisk.org/jira/browse/ASTERISK-21297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=204370#comment-204370 ]
German Becker commented on ASTERISK-21297:
------------------------------------------
Here is a backtrace showing the segfault:
Program terminated with signal 11, Segmentation fault.
#0 0x0000000000474356 in ast_bridged_channel (chan=0x7fa22401cdb8) at channel.c:7360
7360 if (bridged && ast_channel_tech(bridged)->bridged_channel)
(gdb) bt
#0 0x0000000000474356 in ast_bridged_channel (chan=0x7fa22401cdb8) at channel.c:7360
#1 0x00007fa237787598 in sip_hangup (ast=0x7fa22401cdb8) at chan_sip.c:6827
#2 0x000000000048824c in ast_hangup (chan=0x7fa22401cdb8) at channel.c:2832
#3 0x00000000005330a2 in __ast_pbx_run (c=0x7fa22401cdb8, args=<value optimized out>) at pbx.c:6268
#4 0x00000000005344bb in pbx_thread (data=0x188f7e8) at pbx.c:6360
#5 0x0000000000574e8b in dummy_start (data=<value optimized out>) at utils.c:1030
#6 0x00007fa24f8039ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
#7 0x00007fa2508c370d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#8 0x0000000000000000 in ?? ()
> Segmentation fault on hangup
> ----------------------------
>
> Key: ASTERISK-21297
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-21297
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Core/Bridging
> Affects Versions: 11.0.1
> Environment: Ubuntu 10.04.2
> Kernel 2.6.38
> Reporter: German Becker
>
> Function ast_bridged_channel in main/channel.c generates a segmentation fault. It happens seldom; I couldn't reproduce it, but I think it happens when releasing the call at both channels at the same time, a timing issue.
> Here is the function:
> {code}
> struct ast_channel *ast_bridged_channel(struct ast_channel *chan)
> {
> 	struct ast_channel *bridged;
> 	bridged = ast_channel_internal_bridged_channel(chan);
> 	if (bridged && ast_channel_tech(bridged)->bridged_channel)
> 		bridged = ast_channel_tech(bridged)->bridged_channel(chan, bridged);
> 	return bridged;
> }
> {code}
> The segfault arises because bridged is not NULL, but ast_channel_tech(bridged) is NULL, so the dereference produces a segfault. I'm not sure why it is NULL, but I think it is related to timing, as said before.
> A possible fix would be to check that ast_channel_tech(bridged) is not NULL.
> i.e.:
> {code}
> struct ast_channel *ast_bridged_channel(struct ast_channel *chan)
> {
> 	struct ast_channel *bridged;
> 	bridged = ast_channel_internal_bridged_channel(chan);
> 	if (bridged && ast_channel_tech(bridged) &&
> 	    ast_channel_tech(bridged)->bridged_channel)
> 		bridged = ast_channel_tech(bridged)->bridged_channel(chan, bridged);
> 	return bridged;
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
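The following is an added illustration, not code from the report or from Asterisk: a cut-down C model of the state the report describes, where channel a still holds a pointer to its bridged peer b while b's own hangup has already cleared b's tech pointer. The struct layouts, the two-step hangup ordering (tech cleared first, bridge link cleared second) and the names demo_tech, hangup_step1_detach_tech, hangup_step2_unbridge, original_crashes_after and patched_returns_peer_after are all assumptions made for the model; the real Asterisk structures are opaque and the real hangup path is considerably longer. The model shows which interleaving makes the original ast_bridged_channel dereference a NULL tech pointer and what the proposed NULL check returns at the same point.

```c
/* Added example, not Asterisk code: a simplified model of the reported
 * crash state. Names and layouts are stand-ins, not the real definitions. */
#include <stddef.h>
#include <stdio.h>

struct ast_channel;

/* Hypothetical cut-down channel technology: only the callback that matters. */
struct ast_channel_tech {
    const char *type;
    struct ast_channel *(*bridged_channel)(struct ast_channel *chan,
                                           struct ast_channel *bridge);
};

/* Hypothetical cut-down channel: tech is NULL once hangup has detached it,
 * bridged points at the peer while the two channels are bridged. */
struct ast_channel {
    const char *name;
    const struct ast_channel_tech *tech;
    struct ast_channel *bridged;
};

/* Trivial stand-in tech callback: the peer is the bridged channel itself. */
static struct ast_channel *demo_bridged_channel(struct ast_channel *chan,
                                                struct ast_channel *bridge)
{
    (void)chan;
    return bridge;
}

static const struct ast_channel_tech demo_tech = { "DEMO", demo_bridged_channel };

/* The original code evaluates bridged->tech->bridged_channel; this reports
 * the state in which that expression dereferences a NULL tech pointer,
 * without actually performing the dereference. */
static int original_would_deref_null(const struct ast_channel *chan)
{
    const struct ast_channel *bridged = chan->bridged;
    return bridged != NULL && bridged->tech == NULL;
}

/* The fix proposed in the report: also require a non-NULL tech pointer. */
static struct ast_channel *patched_bridged_channel(struct ast_channel *chan)
{
    struct ast_channel *bridged = chan->bridged;
    if (bridged && bridged->tech && bridged->tech->bridged_channel)
        bridged = bridged->tech->bridged_channel(chan, bridged);
    return bridged;
}

/* Modelled hangup of one side as two steps that another thread can run
 * between. The ordering is an assumption chosen to reproduce the report. */
static void hangup_step1_detach_tech(struct ast_channel *chan)
{
    chan->tech = NULL;
}

static void hangup_step2_unbridge(struct ast_channel *chan)
{
    if (chan->bridged) {
        chan->bridged->bridged = NULL;
        chan->bridged = NULL;
    }
}

/* Two channels bridged to each other, both alive. */
static void bridge_pair(struct ast_channel *a, struct ast_channel *b)
{
    a->name = "SIP/a"; a->tech = &demo_tech; a->bridged = b;
    b->name = "SIP/b"; b->tech = &demo_tech; b->bridged = a;
}

/* Runs `steps` (0, 1 or 2) of b's hangup, then reports whether a's thread
 * calling the original function would dereference NULL (1) or not (0). */
static int original_crashes_after(int steps)
{
    struct ast_channel a, b;
    bridge_pair(&a, &b);
    if (steps >= 1) hangup_step1_detach_tech(&b);
    if (steps >= 2) hangup_step2_unbridge(&b);
    return original_would_deref_null(&a);
}

/* Same interleaving; 1 if the patched function still returns b as a's
 * peer, 0 if it returns NULL. */
static int patched_returns_peer_after(int steps)
{
    struct ast_channel a, b;
    bridge_pair(&a, &b);
    if (steps >= 1) hangup_step1_detach_tech(&b);
    if (steps >= 2) hangup_step2_unbridge(&b);
    return patched_bridged_channel(&a) == &b;
}

int main(void)
{
    for (int steps = 0; steps <= 2; steps++)
        printf("after %d hangup step(s) on b: original crashes=%d, "
               "patched returns peer=%d\n", steps,
               original_crashes_after(steps), patched_returns_peer_after(steps));
    return 0;
}
```

In this model the crash window is exactly the state after step 1 and before step 2. Note what the proposed check returns there: the condition fails, so the function hands back the raw bridged pointer, i.e. a channel that is in the middle of being hung up. Under the model's assumptions the extra NULL check avoids the dereference at channel.c:7360 but does not order the two hangups; whether the peer pointer is still safe to read at that point is a separate lifetime question that a NULL check alone cannot answer.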