[asterisk-bugs] [JIRA] (ASTERISK-21297) Segmentation fault on hangup in ast_bridged_channel
Asterisk Team (JIRA)
noreply at issues.asterisk.org
Tue Dec 19 09:43:08 CST 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-21297?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Asterisk Team updated ASTERISK-21297:
-------------------------------------
Status: Waiting for Feedback (was: Waiting for Feedback)
> Segmentation fault on hangup in ast_bridged_channel
> ---------------------------------------------------
>
> Key: ASTERISK-21297
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-21297
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/General, Core/Bridging
> Affects Versions: 11.0.1
> Environment: Ubuntu 10.04.2
> Kernel 2.6.38
> Reporter: German Becker
> Assignee: Asterisk Team
> Attachments: backtrace.txt, full-recortado.txt
>
>
> Function ast_bridged_channel in main/channel.c generates a segmentation fault. It happens seldom and I couldn't reproduce it, but I think it happens when releasing the call at both channels at the same time, a timing issue.
> Here is the function:
> {code}
> struct ast_channel *ast_bridged_channel(struct ast_channel *chan)
> {
>     struct ast_channel *bridged;
>     bridged = ast_channel_internal_bridged_channel(chan);
>     if (bridged && ast_channel_tech(bridged)->bridged_channel)
>         bridged = ast_channel_tech(bridged)->bridged_channel(chan, bridged);
>     return bridged;
> }
> {code}
> The segfault arises because bridged is not NULL, but ast_channel_tech(bridged) is NULL, so the dereference produces a segfault. I'm not sure why it is NULL, but I think it is related to timing, as said before.
> A possible fix would be to check that ast_channel_tech(bridged) is not NULL.
> i.e.:
> {code}
> struct ast_channel *ast_bridged_channel(struct ast_channel *chan)
> {
>     struct ast_channel *bridged;
>     bridged = ast_channel_internal_bridged_channel(chan);
>     if (bridged && ast_channel_tech(bridged) &&
>         ast_channel_tech(bridged)->bridged_channel)
>         bridged = ast_channel_tech(bridged)->bridged_channel(chan, bridged);
>     return bridged;
> }
> {code}
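The guard proposed in the report, as an added example that is not part of the original report or of Asterisk's code. It uses simplified stand-in types (`struct chan`, `struct chan_tech`, `bridged_channel_guarded` and `demo_case` are all hypothetical) and reads the tech pointer once into a local, so the NULL test and the call use the same value rather than three separate lookups. It covers only the NULL state the reporter observed and assumes nothing about how Asterisk serializes hangup; a NULL check by itself does not stop another thread from changing the pointer afterwards.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified stand-ins for the channel types; hypothetical, not Asterisk's structs. */
struct chan;
struct chan_tech {
    struct chan *(*bridged_channel)(struct chan *chan, struct chan *bridge);
};
struct chan {
    const struct chan_tech *tech; /* assumed to become NULL during teardown */
    struct chan *bridged;
};

static struct chan *identity_cb(struct chan *chan, struct chan *bridge)
{
    (void)chan;
    return bridge;
}
static const struct chan_tech demo_tech = { identity_cb };
static const struct chan_tech no_cb_tech = { NULL };

/* Read the tech pointer once so the NULL test and the call use the same value. */
struct chan *bridged_channel_guarded(struct chan *chan)
{
    struct chan *bridged = chan ? chan->bridged : NULL;
    const struct chan_tech *tech = bridged ? bridged->tech : NULL;
    if (tech && tech->bridged_channel)
        bridged = tech->bridged_channel(chan, bridged);
    return bridged;
}

/* Constructed cases: 0 normal, 1 peer tech NULL (the reported state),
 * 2 tech without callback, 3 no bridged peer. Returns 1 if the result is as expected. */
int demo_case(int which)
{
    struct chan peer = { &demo_tech, NULL };
    struct chan self = { &demo_tech, &peer };
    if (which == 1) peer.tech = NULL;
    if (which == 2) peer.tech = &no_cb_tech;
    if (which == 3) self.bridged = NULL;
    struct chan *r = bridged_channel_guarded(&self);
    return which == 3 ? r == NULL : r == &peer;
}

int main(void)
{
    for (int i = 0; i < 4; i++)
        printf("case %d: %s\n", i, demo_case(i) ? "ok" : "unexpected");
    return 0;
}
```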