[asterisk-bugs] [JIRA] (ASTERISK-28286) chan_sip - no lock pvt data in proc_session_timer()
Krzysztof Trempala (JIRA)
noreply at issues.asterisk.org
Wed Feb 13 07:08:47 CST 2019
[ https://issues.asterisk.org/jira/browse/ASTERISK-28286?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Krzysztof Trempala updated ASTERISK-28286:
------------------------------------------
Description:
I have a problem with accidentally overwriting the heap in the situation:
- process session refresh timeout in function proc_session_timer() run transmit_reinvite_with_sdp()
- call has been terminated and channel is destroying
{noformat}
+====================================+
| sched thread |
+====================================+
..
proc_session_timer()
transmit_reinvite_with_sdp (p, ..)
try_suggested_sip_codec(p,..) +=========================+
pbx_builtin_getvar_helper(chan=p->owner) | channel thread |
+=========================+
| ... |
<---------------------------------| sip_hangup |
| sip_set_owner(p, NULL);|
| p->owner = NULL; |
| ... |
| channel destroy |
ast_channel_lock(chan); +-------------------------+
{noformat}
was:
I have a problem with accidentally overwriting the heap in the situation:
- process session refresh timeout in function proc_session_timer() run transmit_reinvite_with_sdp()
- call has been terminated and channel is destroying
{noformat}
+====================================+
| sched thread |
+====================================+
..
proc_session_timer()
transmit_reinvite_with_sdp (p, ..)
try_suggested_sip_codec(p,..) +=========================+
pbx_builtin_getvar_helper(chan=p->owner) | channel thread |
+=========================+
| ... |
<---------------------------------| sip_hangup |
| sip_set_owner(p, NULL);|
| p->owner = NULL; |
| ... |
| channel destroy |
ast_channel_lock(chan); +-------------------------+
{noformat}
> chan_sip - no lock pvt data in proc_session_timer()
> ---------------------------------------------------
>
> Key: ASTERISK-28286
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28286
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/General
> Affects Versions: 13.24.1
> Environment: Ubuntu 12.04
> Reporter: Krzysztof Trempala
>
> I have a problem with accidentally overwriting the heap in the situation:
> - process session refresh timeout in function proc_session_timer() run transmit_reinvite_with_sdp()
> - call has been terminated and channel is destroying
> {noformat}
> +====================================+
> | sched thread |
> +====================================+
> ..
> proc_session_timer()
> transmit_reinvite_with_sdp (p, ..)
> try_suggested_sip_codec(p,..) +=========================+
> pbx_builtin_getvar_helper(chan=p->owner) | channel thread |
> +=========================+
> | ... |
> <---------------------------------| sip_hangup |
> | sip_set_owner(p, NULL);|
> | p->owner = NULL; |
> | ... |
> | channel destroy |
> ast_channel_lock(chan); +-------------------------+
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list