[asterisk-bugs] [JIRA] (ASTERISK-22740) Confbridge fails to destroy conference on hangup leading to Asterisk segfault

Simon Moxon (JIRA) noreply at issues.asterisk.org
Mon Oct 21 11:52:03 CDT 2013


    [ https://issues.asterisk.org/jira/browse/ASTERISK-22740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=211094#comment-211094 ] 

Simon Moxon commented on ASTERISK-22740:
----------------------------------------

I've got to the bottom of this. It appears that when quiet=no is enabled and the leader leaves, the conference object is briefly unlocked with ao2_unlock while the 'leader left the conference' message is played to the conference.  The marked user count has already been decremented at this point, but the conference state has not been changed.

If an unmarked user hangs up at this point, then CONF_STATE_MULTI_MARKED->leave_active is called.  Because the user count is now 1, this function assumes that must be the marked user and sets the conference state to CONF_STATE_SINGLE_MARKED.

When the final unmarked user hangs up, it attempts to call CONF_STATE_SINGLE_MARKED->leave_unmarked, but this function doesn't exist, presumably because it shouldn't be possible for an unmarked user to exist when the conference is in single marked.

The fix is not to unlock the conference object until the state has been updated.  Attached is a patch.


                
> Confbridge fails to destroy conference on hangup leading to Asterisk segfault
> -----------------------------------------------------------------------------
>
>                 Key: ASTERISK-22740
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22740
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Applications/app_confbridge
>    Affects Versions: 11.5.1
>            Reporter: Simon Moxon
>            Assignee: Simon Moxon
>         Attachments: ASTERISK-22740.diff
>
>
> With 3 users (1 marked, 2 unmarked) remaining in a conference, if 1 marked and 1 unmarked hang up at the exact same time, leaving just the 1 unmarked in the conference, then when that final unmarked user leaves, the conference is not torn down.
> The following error is logged:
> {{confbridge/conf_state.c: Invalid event for confbridge user}}
> If anything then tries to access that conference, e.g. via confbridge list or re-creating the conference, then Asterisk will segfault as referenced in [ASTERISK-21859].
> This only occurs if confbridge quiet=no.
> Recreating the bug without a large volume of calls is tricky as the hangups have to be with 

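The ordering problem described in the comment above, replayed in a small single-threaded C model. This is an added example, not the attached patch or Asterisk's own code. Only CONF_STATE_MULTI_MARKED, CONF_STATE_SINGLE_MARKED, leave_active and leave_unmarked are named in the report; the remaining states and all other names are assumptions of the model, and what the leader's handler does after re-acquiring the lock is left out.

```c
#include <stdio.h>
/* Simplified model. Only MULTI_MARKED and SINGLE_MARKED come from the report;
 * the other states and every struct/function name here are assumptions. */
enum st { MULTI_MARKED, SINGLE_MARKED, UNMARKED_ONLY, EMPTY };
struct conf { enum st state; int users, marked, invalid_events; };
typedef void (*handler)(struct conf *);
/* MULTI_MARKED leave_active: a single remaining user is taken to be marked. */
static void leave_active(struct conf *c) {
    if (--c->users == 1) c->state = SINGLE_MARKED;
}
/* Assumed handler for a conference that has no marked users. */
static void leave_plain(struct conf *c) {
    if (--c->users == 0) c->state = EMPTY;      /* conference torn down */
}
/* leave_unmarked handler per state; SINGLE_MARKED has none, as reported. */
static const handler leave_unmarked[] = {
    [MULTI_MARKED] = leave_active, [SINGLE_MARKED] = NULL,
    [UNMARKED_ONLY] = leave_plain, [EMPTY] = NULL,
};
static void unmarked_leaves(struct conf *c) {
    handler h = leave_unmarked[c->state];
    if (h) h(c);
    else c->invalid_events++;   /* "Invalid event for confbridge user" */
}

/* The leader's hangup in two steps: counts drop, then the state is updated. */
static void leader_counts_drop(struct conf *c) { c->users--; c->marked--; }
static void leader_updates_state(struct conf *c) {
    if (c->marked == 0) c->state = c->users ? UNMARKED_ONLY : EMPTY;
}

/* Replays 1 marked + 2 unmarked users hanging up. fixed != 0 updates the
 * state before the lock is released for the prompt; fixed == 0 releases it
 * first. The leader's steps after re-locking are not modelled. */
static struct conf replay(int fixed) {
    struct conf c = { MULTI_MARKED, 3, 1, 0 };
    leader_counts_drop(&c);
    if (fixed) leader_updates_state(&c);
    unmarked_leaves(&c);        /* hangup arriving while the prompt plays */
    unmarked_leaves(&c);        /* the final unmarked user */
    return c;
}

int main(void) {
    struct conf b = replay(0), f = replay(1);
    printf("unfixed: state=%d users=%d invalid=%d\n", b.state, b.users, b.invalid_events);
    printf("fixed:   state=%d users=%d invalid=%d\n", f.state, f.users, f.invalid_events);
    return 0;
}
```

With the same three hangups, the unfixed ordering ends in SINGLE_MARKED with one user still counted and one invalid event, while the fixed ordering ends with the conference empty.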