[asterisk-bugs] [JIRA] (ASTERISK-26306) channel: Hang-up crashes.

Alexander Traud (JIRA) noreply at issues.asterisk.org
Fri Aug 19 05:49:56 CDT 2016 

Alexander Traud created ASTERISK-26306:
------------------------------------------

             Summary: channel: Hang-up crashes.
                 Key: ASTERISK-26306
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26306
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Core/Channels
    Affects Versions: 13.10.0, 11.23.0
            Reporter: Alexander Traud
            Severity: Critical


In the channel destructor, the private data structure of the underlying channel technology is freed to avoid a memory leak. However, some channel technologies use ast_calloc/malloc, some use reference counting via ao2_ref. The latter cause this crash, because ao2_ref(., -1) must be used with such a structure rather than ast_free(.). I have no idea how to fix this issue correctly and therefore cannot drive this issue any further.

*Step to Reproduce*
Put the following in your {{/etc/asterisk/extensions.conf}}, use {{chan_pjsip}} as channel technology and dial the extension ‘test’:
{noformat}exten => test,1,NoOp()
 same => n,Set(CHANNEL(secure_bridge_media)=1)
 same => n,Set(CHANNEL(secure_bridge_signaling)=1)
 same => n,Dial(PJSIP/${EXTEN}&SIP/${EXTEN}){noformat}

*Expected Result*
Asterisk should call the endpoint 'test' via SIP over TLS (or SIP over Secure WebSockets) and use the RTP profile sAVP(F), to enable sRTP – regardless the settings in sip.conf or pjsip.conf.

*Actual Result*
Asterisk received signal SIGABRT and aborts:
{noformat}channel.c:6069 ast_request: Setting security requirements failed
channel.c:2223 ast_channel_destructor: Channel 'PJSIP/test-00000001' may not have been hung up properly
      __GI___libc_free at malloc.c:2969
ast_channel_destructor at channel.c:2224
      internal_ao2_ref at astobj2.c:445
             __ao2_ref at astobj2.c:516
   ast_channel_release at channel.c:1562
           ast_request at channel.c:6070
        dial_exec_full at app_dial.c:2426{noformat}

*Notes*
This issue has no real date when it came into Asterisk. When Reference Counting was introduced, more and more channel technologies/drivers went over to use that internally – but not all do, yet.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list