[asterisk-bugs] [JIRA] (ASTERISK-29201) Crash occurs when Transfer and execute Hangup before the Transfer result
Dan Cropp (JIRA)
noreply at issues.asterisk.org
Mon Dec 7 16:09:16 CST 2020
[ https://issues.asterisk.org/jira/browse/ASTERISK-29201?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Cropp updated ASTERISK-29201:
---------------------------------
Description:
In the code I submitted for ASTERISK-26968 there is a bug which can cause a crash.
We perform a transfer using AMI.
The transferred call is not answered and we don't receive a transfer result, we then issue a Hangup using AMI. The call terminates, but the problem is the SUBSCRIPTION/NOTIFY is trying to access session memory after it has been freed by the hangup.
What's missing is correct session reference counting to make sure it's not released until after we no longer need it.
We have a fix for this issue which I would like to submit. I will need to refresh on the steps to make a submission.
was:
In the code I submitted for ASTERISK-26968 there is a bug which can cause a crash. That code added support for a SUBSCRIPTION session which was not always being cleaned up.
We perform a transfer using AMI. The transferred call is not answered and we don't receive a transfer result, we then issue a Hangup using AMI. The call terminates, but does not cleanup the SUBSCRIPTION. As a result, there is a leak. What we found at two different sites is the SUBSCRIBE/NOTIFY happens roughly 10 minutes later and often (not 100%) crashes.
Regardless of the crash or not, the code is missing some conditions where it should cleanup the subscription.
We have a fix for this issue which I would like to submit. I will need to refresh on the steps to make a submission.
Updated the description to more accurately reflect the issue.
> Crash occurs when Transfer and execute Hangup before the Transfer result
> -------------------------------------------------------------------------
>
> Key: ASTERISK-29201
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-29201
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_pjsip
> Affects Versions: 16.15.0, 17.9.0, 18.1.0
> Environment: Ubuntu 16 and 18
> Reporter: Dan Cropp
> Assignee: Dan Cropp
>
> In the code I submitted for ASTERISK-26968 there is a bug which can cause a crash.
> We perform a transfer using AMI.
> The transferred call is not answered and we don't receive a transfer result, we then issue a Hangup using AMI. The call terminates, but the problem is the SUBSCRIPTION/NOTIFY is trying to access session memory after it has been freed by the hangup.
> What's missing is correct session reference counting to make sure it's not released until after we no longer need it.
> We have a fix for this issue which I would like to submit. I will need to refresh on the steps to make a submission.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list