[asterisk-bugs] [JIRA] (ASTERISK-21316) Segfault on ast_channel_tech(chan)->send_digit_begin
Etienne Lessard (JIRA)
noreply at issues.asterisk.org
Fri Jul 4 14:48:57 CDT 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-21316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=220279#comment-220279 ]
Etienne Lessard commented on ASTERISK-21316:
--------------------------------------------
I'm getting the same segfault on the latest asterisk 11 version, i.e. 11.10.2.
My scenario is the following:
Given I have a queue with a member Local/123@something
Given the extension 123@something does a Dial(SIP/abcdef)
When someone calls the queue
Then it calls SIP/abcdef
When SIP/abcdef answers the call almost at the same time as the caller presses a DTMF key
Then asterisk segfaults
It's kinda hard to reproduce manually. I've seen the crash twice on production asterisk, but to reproduce it, it's easier to add a small sleep between the
{noformat}
if (!ast_channel_tech(chan)->send_digit_begin)
{noformat}
and
{noformat}
if (!ast_channel_tech(chan)->send_digit_begin(chan, digit))
{noformat}
statements in ast_senddigit_begin.
> Segfault on ast_channel_tech(chan)->send_digit_begin
> ----------------------------------------------------
>
> Key: ASTERISK-21316
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-21316
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Core/Channels
> Affects Versions: 11.2.1
> Environment: CentOS 6.3
> Reporter: Ashley Winters
> Severity: Critical
> Attachments: gdb-send_digit_begin-segfault.txt, unlocked-send_digit-race.patch
>
>
> Calling {{ast_channel_tech(chan)}} multiple times in a row while chan is unlocked is a race condition. I experienced a segfault when the tech changed to {{null_tech}} between the null check and the function-pointer dereference.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
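The check-then-call race from the issue description, as an added example that is neither Asterisk's code nor the attached patch: the double-fetch pattern beside a single-fetch snapshot. The types, function names and the `swap_after_reads` counter are hypothetical stand-ins; the counter makes the tech swap land deterministically between the two reads instead of relying on a sleep.

```c
#include <stddef.h>

/* Minimal stand-ins for the channel and tech structures (hypothetical). */
struct chan;
struct tech { int (*send_digit_begin)(struct chan *, char); };
struct chan { const struct tech *tech; int swap_after_reads; };

static int sip_digit_begin(struct chan *c, char d) { (void)c; return d ? 0 : -1; }
static const struct tech sip_tech  = { sip_digit_begin };
static const struct tech null_tech = { NULL };   /* no DTMF callback */

/* Accessor modelled on ast_channel_tech(chan). The "other thread" swaps
 * the tech to null_tech once swap_after_reads reads have happened. */
static const struct tech *chan_tech(struct chan *c)
{
    const struct tech *t = c->tech;
    if (c->swap_after_reads > 0 && --c->swap_after_reads == 0)
        c->tech = &null_tech;
    return t;
}

enum { SENT = 0, NO_CALLBACK = 1, WOULD_CRASH = 2 };

/* Racy: the tech is fetched twice, so check and call can see different techs. */
static int senddigit_double_fetch(struct chan *c, char digit)
{
    if (!chan_tech(c)->send_digit_begin)
        return NO_CALLBACK;
    const struct tech *second = chan_tech(c);   /* second fetch */
    if (!second->send_digit_begin)
        return WOULD_CRASH;   /* the unguarded code calls through NULL here */
    second->send_digit_begin(c, digit);
    return SENT;
}

/* Snapshot: fetch once, then check and call the same pointer. */
static int senddigit_single_fetch(struct chan *c, char digit)
{
    int (*fn)(struct chan *, char) = chan_tech(c)->send_digit_begin;
    if (!fn)
        return NO_CALLBACK;
    fn(c, digit);
    return SENT;
}
int main(void)
{
    struct chan a = { &sip_tech, 1 }, b = { &sip_tech, 1 };
    return !(senddigit_double_fetch(&a, '5') == WOULD_CRASH &&
             senddigit_single_fetch(&b, '5') == SENT);
}
```

The snapshot closes only the check-then-call window shown here; whether the old callback is still safe to run on a channel whose tech has changed is a locking question this sketch does not model.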