[asterisk-bugs] [JIRA] (ASTERISK-21737) [patch] - Crash during transfer from DAHDI/SIP to SIP/SIP in ast_format_cap_append called from remote bridge loop
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Sat Feb 22 11:10:03 CST 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-21737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=215555#comment-215555 ]
Matt Jordan commented on ASTERISK-21737:
----------------------------------------
I've attached two patches that I believe should resolve the issue - one for 1.8 and one for 11.
The problem here is that the channels are unlocked when get_codec is called. Because they are unlocked, it is possible for a masquerade (from a transfer) to sneak in and blow away the PVT between the check that it is non-NULL and the actual call to get_codec.
I've put the patch up for review here: https://reviewboard.asterisk.org/r/3247/
> [patch] - Crash during transfer from DAHDI/SIP to SIP/SIP in ast_format_cap_append called from remote bridge loop
> -----------------------------------------------------------------------------------------------------------------
>
> Key: ASTERISK-21737
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-21737
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/Transfers, Core/Bridging
> Environment: Asterisk SVN-branch-11-r385594
> Reporter: Alec Davis
> Attachments: bug_apr30.diff.txt, gdb-apr30.txt, GDB_output_sample_10_01_2014.txt
>
>
> DAHDI call into queue.
> SIP agent answers, then transfer to SIP0007.
>
> Crashed just after/during a transfer.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list