[asterisk-bugs] [JIRA] (ASTERISK-23348) Allocation failure in ast_unreal_new_channels causes core dump

Matt Jordan (JIRA) noreply at issues.asterisk.org
Fri May 30 09:31:56 CDT 2014 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-23348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=218695#comment-218695 ] 

Matt Jordan commented on ASTERISK-23348:
----------------------------------------

Pretty sure I just fixed this, without realizing this was the same issue:

{code}
------------------------------------------------------------------------
r414542 | mjordan | 2014-05-24 21:30:51 -0500 (Sat, 24 May 2014) | 15 lines

core_unreal: Prevent double free of core_unreal pvt

When a channel is destroyed (such as via ast_channel_release in off nominal
paths in core_unreal), it will attempt to free (via ast_free) the channel tech
pvt. This is problematic for a few reasons:
1. The channel tech pvt is an ao2 object in core_unreal. Free'ing the pvt
   directly is no good.
2. The channel tech pvt's reference count is dropped just prior to calling
   ast_channel_release, resulting in the pvt's destruction. Hence, the
   channel destructor is free'ing an invalid pointer.

This patch keeps the dropping of the reference count, but sets the pvt to
NULL on the channel prior to releasing it. This models what would occur if the
channel was hung up directly.
{code}

I ran into this doing something similarly aggressive with Local channels. One of the channels doesn't get created for some reason, and - because the pvt gets destroyed before the channel - the {{ast_channel_destructor}} free's an already free'd location.

Unless you feel otherwise, I'm going to propose we close out this issue as "Fixed" - if it turns out I'm wrong, we can re-open the issue.

> Allocation failure in ast_unreal_new_channels causes core dump
> --------------------------------------------------------------
>
>                 Key: ASTERISK-23348
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-23348
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/Channels
>    Affects Versions: SVN, 12.0.0
>            Reporter: Corey Farrell
>         Attachments: backtrace_2414.txt, testsuite-error.txt
>
>
> Testsuite crashed on tests/masquerade.  Backtrace and testsuite error messages attached.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list