[asterisk-bugs] [JIRA] (ASTERISK-27707) Segfault after hanging up a queue call where Bridge() was used
lvl (JIRA)
noreply at issues.asterisk.org
Thu Mar 1 07:37:13 CST 2018
[ https://issues.asterisk.org/jira/browse/ASTERISK-27707?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
lvl updated ASTERISK-27707:
---------------------------
Attachment: bt full.txt
> Segfault after hanging up a queue call where Bridge() was used
> --------------------------------------------------------------
>
> Key: ASTERISK-27707
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-27707
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Applications/app_queue
> Affects Versions: 15.2.1
> Reporter: lvl
> Attachments: bt full.txt
>
>
> Steps to reproduce:
> 1. Call into a queue
> 2. Have the queue dial an agent
> 3. Use AMI Redirect() + Bridge() to transfer the agent's channel elsewhere
> 4. Hang up the call
> Around 30% of the time, Asterisk segfaults on https://github.com/asterisk/asterisk/blob/15.2/apps/app_queue.c#L6364 because caller_snapshot is NULL.
> {quote}
> #0 0x00007f9dbcab5cb3 in handle_hangup (userdata=0x7f9dd4002078, sub=0x7f9dd4018378, msg=0x7f9dfc0302b8) at app_queue.c:6364
> queue_data = 0x7f9dd4002078
> channel_blob = 0x7f9dfc02f088
> caller_snapshot = 0x0
> member_snapshot = 0x7f9df4003760
> chan = 0x0
> reason = CALLER
> (gdb) print *queue_data
> $2 = {
> __field_mgr_pool = 0x7f9dd4002140,
> caller_uniqueid = 0x7f9dd4002162 "acme01-1519904274.78",
> member_uniqueid = 0x7f9dd400217c "acme01-1519904274.79",
> bridge_uniqueid = 0x7f9dd4002196 "b72d5911-db0a-413c-b4a8-0b9549f4ca8c",
> {quote}
> Apparently, the member channel is sometimes already cleared from the Stasis cache by the time we reach ast_queue_log.
> I suggest at least adding an ast_assert and/or null check for caller_snapshot & member_snapshot.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
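
The null check suggested in the report, as an added C sketch that is not Asterisk's code and not part of the original message: `struct snapshot`, `struct queue_end_data`, `cache_get` and `handle_hangup_guarded` are hypothetical stand-ins, and the ids are constructed. When a snapshot lookup returns NULL, the handler logs the unique ids already held in the per-call data instead of dereferencing the pointer.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for this example; not Asterisk's types or API. */
struct snapshot { const char *uniqueid; };
struct queue_end_data { const char *caller_uniqueid, *member_uniqueid; };

#define CACHE_SLOTS 4
static const struct snapshot *cache[CACHE_SLOTS];   /* toy snapshot cache */

/* Returns the cached snapshot, or NULL once the channel has been evicted. */
static const struct snapshot *cache_get(const char *uniqueid)
{
    for (size_t i = 0; i < CACHE_SLOTS; i++)
        if (cache[i] && strcmp(cache[i]->uniqueid, uniqueid) == 0)
            return cache[i];
    return NULL;
}

/* Guarded handler: returns 0 if both snapshots were cached, 1 if one was
 * missing and the ids stored at call setup were logged instead, -1 on
 * invalid arguments. */
static int handle_hangup_guarded(const struct queue_end_data *qd,
                                 char *out, size_t outlen)
{
    if (!qd || !qd->caller_uniqueid || !qd->member_uniqueid || !out || !outlen)
        return -1;
    const struct snapshot *caller = cache_get(qd->caller_uniqueid);
    const struct snapshot *member = cache_get(qd->member_uniqueid);
    int missing = !caller || !member;
    /* Never dereference a lookup result without checking it first. */
    snprintf(out, outlen, "%s|%s|%s",
             caller ? caller->uniqueid : qd->caller_uniqueid,
             member ? member->uniqueid : qd->member_uniqueid,
             missing ? "SNAPSHOT_MISSING" : "COMPLETE");
    return missing;
}

int main(void)
{
    /* Constructed sample ids, not taken from the report. */
    static const struct snapshot member = { "demo-1.79" };
    struct queue_end_data qd = { "demo-1.78", "demo-1.79" };
    char line[128];
    cache[0] = &member;              /* caller snapshot already evicted */
    int rc = handle_hangup_guarded(&qd, line, sizeof line);
    printf("rc=%d %s\n", rc, line);
    return 0;
}
```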