[asterisk-bugs] [JIRA] (ASTERISK-27230) Segfault in pj_timer_heap_poll

Ross Beer (JIRA) noreply at issues.asterisk.org
Thu Oct 12 09:49:20 CDT 2017


    [ https://issues.asterisk.org/jira/browse/ASTERISK-27230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=239296#comment-239296 ] 

Ross Beer edited comment on ASTERISK-27230 at 10/12/17 9:48 AM:
----------------------------------------------------------------

The crash always happens when accessing "std->fail;". Would a check for NULL resolve the issue here or would it have a cascade effect?

{noformat}
static int sync_task(void *data)
{
	struct sync_task_data *std = data;
	int ret;

	std->fail = std->task(std->task_data);

	/*
	 * Once we unlock std->lock after signaling, we cannot access
	 * std again.  The thread waiting within
	 * ast_sip_push_task_synchronous() is free to continue and
	 * release its local variable (std).
	 */
	ast_mutex_lock(&std->lock);
	std->complete = 1;
	ast_cond_signal(&std->cond);
	ret = std->fail;                                   <------ *** Segfault Here ***
	ast_mutex_unlock(&std->lock);
	return ret;
}
{noformat}

I have a feeling that this happens when an endpoint has been removed from the realtime database and a task is then run for the endpoint.


was (Author: rossbeer):
The crash always happens when accessing "std->fail;". Would a check for NULL resolve the issue here or would it have a cascade effect?

{noformat}
static int sync_task(void *data)
{
	struct sync_task_data *std = data;
	int ret;

	std->fail = std->task(std->task_data);

	/*
	 * Once we unlock std->lock after signaling, we cannot access
	 * std again.  The thread waiting within
	 * ast_sip_push_task_synchronous() is free to continue and
	 * release its local variable (std).
	 */
	ast_mutex_lock(&std->lock);
	std->complete = 1;
	ast_cond_signal(&std->cond);
	ret = std->fail;                                   <------ *** Segfault Here ***
	ast_mutex_unlock(&std->lock);
	return ret;
}
{noformat}

> Segfault in pj_timer_heap_poll
> ------------------------------
>
>                 Key: ASTERISK-27230
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27230
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_pjsip
>    Affects Versions: GIT
>         Environment: Fedora 23
>            Reporter: Ross Beer
>            Assignee: George Joseph
>         Attachments: core-asterisk-103311-Asterisk7-1504005395-thread1.txt, core-asterisk-158440-Asterisk5-1504033325-thread1.txt, core-asterisk-172816-Asterisk7-1507310948-thread1.txt, core-asterisk-40920-Asterisk7-1507023780-thread1.txt, core-asterisk-5713-1507134548-thread1.txt
>
>
> There is a segfault on multiple instances in pj_timer_heap_poll. Please see attached back traces.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list