[asterisk-bugs] [JIRA] (ASTERISK-23287) res_pjsip_refer: Crash during attended transfer when attended->transferer_second channel is NULL
Kinsey Moore (JIRA)
noreply at issues.asterisk.org
Mon Feb 24 12:24:03 CST 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-23287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=215603#comment-215603 ]
Kinsey Moore commented on ASTERISK-23287:
-----------------------------------------
Doing a little debugging and looking at the resulting backtraces, this is not quite as simple as tossing an extra ref in there for that channel. Something appears to be consuming a ref that shouldn't be, so it's time to enable REF_DEBUG.
> res_pjsip_refer: Crash during attended transfer when attended->transferer_second channel is NULL
> ------------------------------------------------------------------------------------------------
>
> Key: ASTERISK-23287
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-23287
> Project: Asterisk
> Issue Type: Bug
> Components: Resources/res_pjsip_refer
> Affects Versions: 12.0.0
> Reporter: Matt Jordan
> Attachments: backtrace_5214.txt, full.txt
>
>
> Note that this was caught by the Asterisk Test Suite during the ARI attended transfer event test. Backtrace is attached.
> {noformat}
> #0 0x000000000053da03 in ast_channel_name (chan=0x0) at channel_internal_api.c:464
> 464 DEFINE_STRINGFIELD_GETTER_FOR(name);
> #0 0x000000000053da03 in ast_channel_name (chan=0x0) at channel_internal_api.c:464
> No locals.
> #1 0x00007f05e9000f08 in refer_attended (data=0x7f060c0523c8) at res_pjsip_refer.c:424
> attended = 0x7f060c0523c8
> response = 0
> __PRETTY_FUNCTION__ = "refer_attended"
> {noformat}
> This occurs because some channel is NULL that we weren't expecting. Looking at line 424:
> {noformat}
> ast_debug(3, "Performing a REFER attended transfer - Transferer #1: %s Transferer #2: %s\n",
>     ast_channel_name(attended->transferer_chan), ast_channel_name(attended->transferer_second->channel));
> {noformat}
> So we have either {{attended->transferer_chan}}, or {{attended->transferer_second->channel}}.
> When we make the {{attended}} structure, we are ref bumping the {{ast_sip_session}} objects, but only the {{attended->transferer_chan}} channel is ref bumped:
> {noformat}
> struct refer_attended *attended = ao2_alloc(sizeof(*attended), refer_attended_destroy);
> if (!attended) {
>     return NULL;
> }
> ao2_ref(transferer, +1);
> attended->transferer = transferer;
> ast_channel_ref(transferer->channel);
> attended->transferer_chan = transferer->channel;
> ao2_ref(transferer_second, +1);
> attended->transferer_second = transferer_second;
> if (progress) {
>     ao2_ref(progress, +1);
>     attended->progress = progress;
> }
> {noformat}
> The most likely culprit for this failing is the attended->transferer_second channel getting nuked out while we serialize the task.
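The lifetime hazard the issue description points at (a reference on the session does not pin the channel the session points to), as an added example that is not Asterisk code and not the fix for this issue. The `chan`, `session` and `task` types, the helper names and the channel name are toy assumptions standing in for the real ao2 objects.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy refcounted stand-ins (assumptions, not Asterisk's ao2 or channel types). */
struct chan { int refs; const char *name; };
struct session { int refs; struct chan *channel; };

static struct chan *chan_ref(struct chan *c) { if (c) c->refs++; return c; }
static void chan_unref(struct chan *c) { if (c && --c->refs == 0) free(c); }

/* Hangup: the session drops its channel; the session object lives on while referenced. */
static void session_hangup(struct session *s) {
    chan_unref(s->channel);
    s->channel = NULL;
}

/* Queued task shaped like the issue's refer_attended, second leg only. */
struct task { struct session *second; struct chan *second_chan; };

/* Never hand a NULL channel to a name getter. */
static const char *safe_name(const struct chan *c) { return c ? c->name : "<none>"; }

/* Returns 1 if the task can still name the second channel after a hangup
 * that lands between queueing and execution, 0 if it only sees NULL. */
static int second_leg_visible(int pin_channel) {
    struct chan *c = malloc(sizeof(*c));
    if (!c) return -1;
    c->refs = 1;                 /* reference owned by the session */
    c->name = "PJSIP/constructed-0001";   /* constructed sample name */
    struct session s = { 1, c };

    struct task t = { &s, NULL };
    s.refs++;                    /* session ref only: does not pin s.channel */
    if (pin_channel) t.second_chan = chan_ref(s.channel);

    session_hangup(&s);          /* happens while the task waits in the queue */

    const struct chan *seen = pin_channel ? t.second_chan : t.second->channel;
    int visible = seen != NULL;
    printf("pin=%d second channel: %s\n", pin_channel, safe_name(seen));

    chan_unref(t.second_chan);   /* no-op when nothing was pinned */
    s.refs--;
    return visible;
}

int main(void) {
    second_leg_visible(0);
    second_leg_visible(1);
    return 0;
}
```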