[asterisk-bugs] [JIRA] (ASTERISK-30035) ari: bridge addChannel race condition causes segfault

Richard Johnson (JIRA) noreply at issues.asterisk.org
Fri Apr 29 20:45:40 CDT 2022 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-30035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=259026#comment-259026 ] 

Richard Johnson commented on ASTERISK-30035:
--------------------------------------------

Apologies, I believe this would have been caused by the sip services completing for port 5060 with the softphone.

It may be enough for you to grab the pjsip.conf file, however to try and make things simplier I have gone a step further and included a full docker build, config and instructions to reproduce the crash.

Please see the readme.md file in https://issues.asterisk.org/jira/secure/attachment/61454/docker_bundle.tar.gz for step-by-step instructions

This dockerfile performs an asterisk build, runs it with core dumping functionality enabled, and provides an environment that the script can run in. I hope it's useful!

> ari: bridge addChannel race condition causes segfault
> -----------------------------------------------------
>
>                 Key: ASTERISK-30035
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-30035
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Applications/app_stasis, Resources/res_ari, Resources/res_ari_bridges
>    Affects Versions: 18.11.1, 18.11.2
>         Environment: linux debian buster
>            Reporter: Richard Johnson
>            Assignee: Unassigned
>            Severity: Major
>         Attachments: core-asterisk-2022-04-28T03-09-04Z-brief.txt, core-asterisk-2022-04-28T03-09-17Z-brief.txt, core-asterisk-2022-04-28T04-14-03Z-brief.txt, docker_bundle.tar.gz, main.py
>
>
> There is a race condition when calling /bridges/xx/addChannel which results in asterisk crashing.
> Here is some example code to reproduce the issue:
> https://gist.github.com/rjohnsondev/babfd730d0076eb7c3404cd8c0c85d3d
> PJSUA was used as a quick client to test against: {{./pjsua-x86_64-unknown-linux-gnu --color --realm=\* --no-tcp --auto-answer=200 --max-calls=4}}
> The issue appears to be when https://github.com/asterisk/asterisk/blob/master/res/stasis/control.c#L1335 removes the bridge_features on the channel control while performing the swap in https://github.com/asterisk/asterisk/blob/master/res/ari/resource_bridges.c#L230
> If a secondary request to move the channel to a different bridge is received while this is happening, the bridge_features on the control for the channel will be NULL while attempting to update the features in https://github.com/asterisk/asterisk/blob/master/res/ari/resource_bridges.c#L222



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list