[asterisk-bugs] [JIRA] (ASTERISK-24521) [patch] Segfault due to null pointer in ast_bridged_channel

Matt Jordan (JIRA) noreply at issues.asterisk.org
Fri Nov 14 14:07:29 CST 2014 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-24521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=223549#comment-223549 ] 

Matt Jordan commented on ASTERISK-24521:
----------------------------------------

It looks like {{sip_hangup}} somehow got called on a channel that was bridged with a channel that was allocated but clearly not populated in any usable fashion - the bridged channel has no {{name}}, {{uniqueid}}, or most other properties that are assigned during allocation. The only thing it does have that shows where it came from is the {{appl}}/{{data}} field.

It may be that your patch is correct, but it's almost impossible to say. It's equally likely that some other part of code in {{app_dial}} is not error checking appropriately, or is early bridging two channels together before they should. There could also be a race condition between completely populating the outbound channel with its information and some other occurrence in {{chan_sip}} and {{app_dial}}.

If someone encounters the same issue your patch may help them, but I'm not sure it's the right solution to the problem.

It would be extremely helpful to get a log showing how this occurred, or any information that would help us understand how the system got into this state.

> [patch] Segfault due to null pointer in ast_bridged_channel
> -----------------------------------------------------------
>
>                 Key: ASTERISK-24521
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24521
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/Channels
>    Affects Versions: 11.8.1
>            Reporter: Ben Smithurst
>         Attachments: ast_bridged_channel.diff, backtrace.txt
>
>
> We have observed a crash in ast_bridged_channel due to a null pointer.  We do not know at present how to reproduce it, it is something we haven't really seen before but then saw several times in a single day.
> The cause appears to be a bridged channel existing without a 'tech' field, so the ast_bridged_channel function dereferences a null pointer, the fix is quite simple and seems to work for us, we've seen no further occurences of the crash.
> *Hopefully* I still have the backtrace/core file, but if not, as I say we don't know how to reproduce it, apologies.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list