[asterisk-bugs] [JIRA] (ASTERISK-22350) DUNDI - core dump on shutdown - segfault in sqlite3_reset from /usr/lib/libsqlite3.so.0

Alexander Hömig (JIRA) noreply at issues.asterisk.org
Wed Nov 6 06:02:04 CST 2013


    [ https://issues.asterisk.org/jira/browse/ASTERISK-22350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=211545#comment-211545 ] 

Alexander Hömig edited comment on ASTERISK-22350 at 11/6/13 6:00 AM:
---------------------------------------------------------------------

I have possibly found the reason:

When Asterisk stops, the "astdb_atexit" function is called. This function calls "clean_statements()", which sets the db pointer in all prepared statements to null.
When a database operation occurs at the same time and uses a prepared statement, the segfault happens in sqlite3_reset.

{code:title=gdb-log|borderStyle=solid}
(gdb)
#0  0x4038d90e in sqlite3_reset (pStmt=0x82c7410) at sqlite3.c:63297
63297       sqlite3_mutex_enter(v->db->mutex);
(gdb) list
63292     int rc;
63293     if( pStmt==0 ){
63294       rc = SQLITE_OK;
63295     }else{
63296       Vdbe *v = (Vdbe*)pStmt;
63297       sqlite3_mutex_enter(v->db->mutex);
(gdb)
(gdb) print *((Vdbe*)pStmt)
$7 = {db = 0x0, aOp = 0x852dfa8, aMem = 0x852e1a0, apArg = 0x852e380, aColName = 0x0, pResultSet = 0x0, nMem = 9, nOp = 27,
  nOpAlloc = 51, nLabel = 2, aLabel = 0x0, nResColumn = 0, nCursor = 2, magic = 3053896648, zErrMsg = 0x0, pPrev = 0x0,
  pNext = 0x82c3ed0, apCsr = 0x852e388, aVar = 0x852e330, azVar = 0x852e380, nVar = 2, nzVar = 0, cacheCtr = 1, pc = -1, rc = 0,
  errorAction = 2 '\002', minWriteFileFormat = 255 '?', explain = 0, inVtabMethod = 0, changeCntOn = 1, expired = 0,
  runOnlyOnce = 0, usesStmtJournal = 0, readOnly = 0, isPrepareV2 = 0, doingRerun = 0, nChange = 0, btreeMask = 1, lockMask = 0,
  iStatement = 0, aCounter = {0, 0, 0}, startTime = 0, nFkConstraint = 0, nStmtDefCons = 0,
  zSql = 0x852a160 "`?R\bRT OR REPLACE INTO astdb (key, value) VALUES (?, ?)", pFree = 0x0, pFrame = 0x0, pDelFrame = 0x0,
  nFrame = 0, expmask = 0, pProgram = 0x0, nOnceFlag = 1, aOnceFlag = 0x852e390 ""}
(gdb)
{code}

Is it possible to set the prepared-statement pointer to null in the function "clean_stmt" after sqlite3_finalize has been called?
> DUNDI - core dump on shutdown - segfault in sqlite3_reset from /usr/lib/libsqlite3.so.0
> ---------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-22350
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22350
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: PBX/pbx_dundi
>    Affects Versions: SVN
>            Reporter: Birger "WIMPy" Harzenetter
>         Attachments: pastebin.txt, pastebin.txt
>
>
> segfault in sqlite3 after process_clearcache
> Asterisk was running in foreground and was killed using ^C

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
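The comment above describes a shutdown race: the atexit path finalizes the prepared statements while a writer can still reach them, so sqlite3_reset dereferences a handle whose db pointer is already null. The following is an added illustration of the ordering fix the comment asks for (clear the handle under the same lock the writers take, and have the writers check for a cleared handle) and is not code from Asterisk's main/db.c or from the reporter. It is written against Python's stdlib sqlite3 module so it runs without a build; the AstDb class, its lock, the in-memory database, the (key, value) table layout inferred from the quoted statement, and the periodic writer are all assumptions made for the example.

```python
import sqlite3
import threading
import time

# The statement quoted in the gdb output above. The astdb table layout
# (key, value) is an assumption based on that statement text.
PUT_SQL = "INSERT OR REPLACE INTO astdb (key, value) VALUES (?, ?)"


class AstDb:
    """Hypothetical stand-in for the astdb wrapper: one shared connection
    and one lock that both the writers and the shutdown path take."""

    def __init__(self):
        self.lock = threading.Lock()
        # check_same_thread=False so a sync thread and the shutdown path can
        # share the handle, as the C code shares its sqlite3* and statements.
        self.db = sqlite3.connect(":memory:", check_same_thread=False)
        self.db.execute("CREATE TABLE astdb (key TEXT PRIMARY KEY, value TEXT)")
        self.db.commit()

    def put(self, key, value):
        """Write one entry. Returns False instead of touching a cleared handle."""
        with self.lock:
            if self.db is None:      # the null check the comment asks for
                return False
            self.db.execute(PUT_SQL, (key, value))
            self.db.commit()
            return True

    def atexit(self):
        """Shutdown path: close and clear the handle under the same lock, so no
        writer can ever observe a closed-but-non-null handle."""
        with self.lock:
            if self.db is not None:
                self.db.close()
                self.db = None


def closed_handle_error():
    """The unguarded pattern from the report: close, then keep using the handle.
    Python's wrapper refuses and raises; the C library has no such check and
    dereferences v->db, which is what the gdb trace above shows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE astdb (key TEXT PRIMARY KEY, value TEXT)")
    conn.close()
    try:
        conn.execute(PUT_SQL, ("k", "v"))
    except sqlite3.ProgrammingError as exc:
        return type(exc).__name__
    return None


def run_shutdown_race(min_writes=20):
    """Run a periodic writer (standing in for a db sync thread) and shut down
    while it is active. Returns (writes_done, worker_stopped_cleanly)."""
    db = AstDb()
    written = []
    clean_stop = threading.Event()

    def writer():
        i = 0
        while True:
            # Constructed keys; the dundi/cache prefix is only illustrative.
            if not db.put("dundi/cache/%d" % i, "value"):
                clean_stop.set()       # saw the cleared handle, stop cleanly
                return
            written.append(i)
            i += 1
            time.sleep(0.001)          # periodic, like a sync thread

    t = threading.Thread(target=writer)
    t.start()
    while len(written) < min_writes:
        time.sleep(0.001)
    db.atexit()                        # shutdown races with the writer
    t.join(timeout=5)
    return len(written), clean_stop.is_set()


if __name__ == "__main__":
    print(closed_handle_error())
    print(run_shutdown_race())
```

The point of the example is the ordering: the shutdown path must clear the handle while holding the lock the writers use, and the writers must test the handle under that same lock before calling into SQLite. Nulling the pointer after sqlite3_finalize without that shared lock still leaves a window in which a writer that loaded the pointer just before the finalize calls sqlite3_reset on freed memory.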