[asterisk-bugs] [JIRA] (ASTERISK-29201) Crash occurs when Transfer and execute Hangup before the Transfer result

Dan Cropp (JIRA) noreply at issues.asterisk.org
Tue Dec 8 13:57:16 CST 2020


    [ https://issues.asterisk.org/jira/browse/ASTERISK-29201?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=252992#comment-252992 ] 

Dan Cropp commented on ASTERISK-29201:
--------------------------------------

I need to submit a new modification.  We believe there was still a potential timing issue that could occur.
We will test this modification and submit the change.

> Crash occurs when Transfer and execute Hangup before the Transfer result 
> -------------------------------------------------------------------------
>
>                 Key: ASTERISK-29201
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29201
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_pjsip
>    Affects Versions: 16.15.0, 17.9.0, 18.1.0
>         Environment: Ubuntu 16 and 18
>            Reporter: Dan Cropp
>            Assignee: Dan Cropp
>         Attachments: core-brief.txt, core-full.txt, core-info.txt, core-locks.txt, core-thread1.txt, messages
>
>
> In the code I submitted for ASTERISK-26968 there is a bug which can cause a crash.  
> We perform a transfer using AMI.
> The transferred call is not answered and we don't receive a transfer result, we then issue a Hangup using AMI.  The call terminates, but the problem is the SUBSCRIPTION/NOTIFY is trying to access session memory after it has been freed by the hangup.
> What's missing is correct session reference counting to make sure it's not released until after we no longer need it.
> We have a fix for this issue which I would like to submit.  I will need to refresh on the steps to make a submission.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list