[asterisk-bugs] [JIRA] (ASTERISK-17188) [patch] p->chan can disappear between test and lock in deadlock avoidance in local_hangup
Joshua Colp (JIRA)
noreply at issues.asterisk.org
Fri Mar 13 21:16:34 CDT 2015
[ https://issues.asterisk.org/jira/browse/ASTERISK-17188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joshua Colp closed ASTERISK-17188.
----------------------------------
Resolution: Fixed
This has been fixed in 1.8+ thanks to reference counting.
> [patch] p->chan can disappear between test and lock in deadlock avoidance in local_hangup
> -----------------------------------------------------------------------------------------
>
> Key: ASTERISK-17188
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-17188
> Project: Asterisk
> Issue Type: Bug
> Components: Channels/chan_local
> Reporter: David Woolley
> Severity: Minor
> Attachments: Issue18558-patch1.diff.txt, Issue18558-patch2.diff.txt
>
>
> r 259899 introduces an unlock/lock sequence on p->chan in the deadlock avoidance for a failed lock on p->owner, in local_hangup. However, as noted in a comment added/modified in r 292867, and assumed by code which tests for NULL, p->chan may be nulled whilst the lock on p is off.
> Depending on exactly where the NULL is set, as well as the case that is handled, this could result in:
> 1) dereferencing NULL, when calling lock;
> 2) applying a lock to a structure that is being destroyed.
> ****** ADDITIONAL INFORMATION ******
> This was noted whilst doing a code review of the conflicting changes whilst considering backporting r 292867, in order to try to avoid a crash due to a double free.
> I have left this as minor simply because I don't have evidence that it is a significant problem in the wild; however, the worst outcomes include direct segmentation violations and may include indirect ones owing to manipulating free structures.
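The race described in the report and the reference-counting approach named in the resolution, as a simplified model added here; this is not Asterisk's code. The names `struct chan`, `struct pvt`, `peer_detach`, `relock_chan` and `run_case` are hypothetical, and the second thread is run inline inside the unlock window so the outcome is deterministic.

```c
#include <pthread.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the channel and the local-channel private struct. */
struct chan { pthread_mutex_t lock; int refs; };
struct pvt  { pthread_mutex_t lock; struct chan *chan; };
static int destroyed;                 /* channels freed so far, checked by the demo */
static void chan_unref(struct chan *c)
{
    if (__sync_sub_and_fetch(&c->refs, 1) == 0) { free(c); destroyed++; }
}
/* Models the other thread: runs while p->lock is dropped and detaches the channel. */
static void peer_detach(struct pvt *p)
{
    pthread_mutex_lock(&p->lock);
    struct chan *c = p->chan;
    p->chan = NULL;
    pthread_mutex_unlock(&p->lock);
    if (c) chan_unref(c);             /* drop the reference the pvt held */
}
/* Returns 1 if the channel was locked after the window, 0 if it had gone away. */
static int relock_chan(struct pvt *p, void (*window)(struct pvt *))
{
    pthread_mutex_lock(&p->lock);
    struct chan *c = p->chan;
    if (c) __sync_add_and_fetch(&c->refs, 1);  /* pin while p->lock is held */
    pthread_mutex_unlock(&p->lock);   /* deadlock-avoidance window opens */
    if (window) window(p);
    pthread_mutex_lock(&p->lock);     /* window closes */
    int locked = (c && p->chan == c); /* re-test; the pre-window check is stale */
    if (locked) {
        pthread_mutex_lock(&c->lock); /* safe: still attached and pinned */
        pthread_mutex_unlock(&c->lock);
    }
    pthread_mutex_unlock(&p->lock);
    if (c) chan_unref(c);             /* may be the last reference */
    return locked;
}
/* Builds a pvt with one channel, runs the sequence, tears down; race adds the peer. */
static int run_case(int race)
{
    struct pvt p = { .chan = calloc(1, sizeof(struct chan)) };
    if (!p.chan) return -1;
    p.chan->refs = 1;                 /* the reference owned by the pvt */
    pthread_mutex_init(&p.lock, NULL);
    pthread_mutex_init(&p.chan->lock, NULL);
    int locked = relock_chan(&p, race ? peer_detach : NULL);
    peer_detach(&p);                  /* teardown; no-op if already detached */
    return locked;
}
```

Without the pin, the channel in the racing case would already be freed when the window closes; without the re-test, the code would lock a channel that is no longer attached to `p`.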