[asterisk-bugs] [JIRA] (ASTERISK-21316) Segfault on ast_channel_tech(chan)->send_digit_begin
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Fri Mar 29 11:14:02 CDT 2013
[ https://issues.asterisk.org/jira/browse/ASTERISK-21316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=204781#comment-204781 ]
Matt Jordan commented on ASTERISK-21316:
----------------------------------------
I am curious how a digit managed to get put on a zombie channel in the first place:
{noformat}
#1 0x0000000000472b22 in ast_senddigit_begin (chan=0x7faaa00462b8, digit=35 '#') at channel.c:4750
4750 if (!ast_channel_tech(chan)->send_digit_begin(chan, digit))
(gdb) p chan->name
$1 = (const ast_string_field) 0x7faaa003a63a "AsyncGoto/SIP/sansay-sd-00002e78<ZOMBIE>"
(gdb) p *chan->tech
{noformat}
That channel is going to die - what queued the DTMF digit on it?
> Segfault on ast_channel_tech(chan)->send_digit_begin
> ----------------------------------------------------
>
> Key: ASTERISK-21316
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-21316
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Core/Channels
> Affects Versions: 11.2.1
> Environment: CentOS 6.3
> Reporter: Ashley Winters
> Severity: Critical
> Attachments: gdb-send_digit_begin-segfault.txt, unlocked-send_digit-race.patch
>
>
> Calling {{ast_channel_tech(chan)}} multiple times in a row while chan is unlocked is a race condition. I experienced a segfault when the tech changed to {{null_tech}} between the null check and the function-pointer dereference.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list