[asterisk-bugs] [JIRA] (ASTERISK-30490) stasis.c : Issue while deleting the bridge

Yash Khandelwal (JIRA) noreply at issues.asterisk.org
Mon Apr 10 10:46:03 CDT 2023


    [ https://issues.asterisk.org/jira/browse/ASTERISK-30490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=261711#comment-261711 ] 

Yash Khandelwal commented on ASTERISK-30490:
--------------------------------------------

The crash occurred while the program was trying to delete a topic from the Stasis topic pool. It seems that the topic name passed to the function stasis_topic_pool_delete_topic() was an invalid memory address, which caused the program to crash when the __strncmp_avx2() function was called to compare the topic name with the names of topics in the pool.

Basically, when we get two simultaneous requests to delete the same bridge, then there is a possibility.

Even if the scenario has not come, we can't compare null in strncmp. We got the case when the same request came 2 times.


> stasis.c : Issue while deleting the bridge
> ------------------------------------------
>
>                 Key: ASTERISK-30490
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-30490
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/Stasis
>    Affects Versions: 18.9.0
>         Environment: Ubuntu-18.04
>            Reporter: Yash Khandelwal
>            Assignee: Unassigned
>            Severity: Major
>              Labels: patch, stasis
>         Attachments: stasis.patch
>
>
> Issue while deleting the bridge:
> Getting the core dump
> {noformat}
> #0  __strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:102
> #1  0x00005636f48bdecb in stasis_topic_pool_delete_topic (pool=0x5636f70bd0d8, topic_name=0x25 <error: Cannot access memory at address 0x25>) at stasis.c:1876
> #2  0x00005636f48c040c in bridge_topics_destroy (bridge=bridge@entry=0x7f75900b2dd0) at stasis_bridges.c:347
> #3  0x00005636f479c6ce in destroy_bridge (obj=0x7f75900b2dd0) at bridge.c:666
> #4  0x00005636f478c462 in __ao2_ref (user_data=0x7f75900b2dd0, delta=-1, tag=0x0, file=0x7f7772d44000 "res_stasis.c", line=1393, 
>     func=0x7f7772d44fb0 <__PRETTY_FUNCTION__.20350> "_dtor_last_bridge") at astobj2.c:615
> #5  0x00007f7772d3861d in _dtor_last_bridge (v=<synthetic pointer>) at res_stasis.c:1545
> #6  stasis_app_exec (chan=chan@entry=0x7f74f80ce6b0, app_name=<optimized out>, argc=<optimized out>, argv=argv@entry=0x7f738b928980) at res_stasis.c:1393
> #7  0x00007f77728683c9 in app_exec (chan=0x7f74f80ce6b0, data=0x7f74f8080438 "agent-dial,accountCode-agentExten_1344_AD040720231307385679,timeout-30")
>     at app_stasis.c:105
> #8  0x00005636f486edbc in pbx_exec (c=0x7f74f80ce6b0, app=0x5636f7cdb970, data=<optimized out>)
>     at /usr/src/asterisk/asterisk-certified-18.9-cert4/include/asterisk/strings.h:67
> #9  0x00007f777213630d in ari_channel_thread (data=data@entry=0x7f74f8080f20) at /usr/src/asterisk/asterisk-certified-18.9-cert4/include/asterisk/strings.h:739
> #10 0x00005636f48ee338 in dummy_start (data=<optimized out>) at utils.c:1572
> #11 0x00007f77928df609 in start_thread (arg=<optimized out>) at pthread_create.c:477
> #12 0x00007f779265f133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
> #0  __strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:102
> No locals.
> {noformat}
> I have fixed the issue and have also provided the patch.



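Added illustration of the failure mode discussed in the comment above (not the attached stasis.patch and not Asterisk code): a teardown path that rejects a NULL or empty topic name before strncmp() and lets only one of two delete requests for the same bridge claim and free the name. All demo_* names, types and sizes are hypothetical stand-ins; a NULL check alone would not catch a stale pointer such as 0x25, which is why the name is claimed atomically.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins; not Asterisk's stasis_topic_pool or ast_bridge. */
#define DEMO_POOL_MAX 8
#define DEMO_NAME_MAX 64

struct demo_pool {
    pthread_mutex_t lock;
    char *names[DEMO_POOL_MAX];     /* heap strings, NULL = free slot */
};

struct demo_bridge {
    _Atomic(char *) topic_name;     /* owned; NULL once topics are destroyed */
};

/* Returns 0 = removed, 1 = not in pool, -1 = rejected (NULL or empty name). */
int demo_pool_delete_topic(struct demo_pool *pool, const char *name)
{
    int rc = 1;

    if (!pool || !name || !*name)
        return -1;                  /* never hand NULL to strncmp() */
    pthread_mutex_lock(&pool->lock);
    for (int i = 0; i < DEMO_POOL_MAX; i++) {
        if (pool->names[i] && !strncmp(pool->names[i], name, DEMO_NAME_MAX)) {
            free(pool->names[i]);
            pool->names[i] = NULL;
            rc = 0;
            break;
        }
    }
    pthread_mutex_unlock(&pool->lock);
    return rc;
}

/* Exactly one caller claims the name; a repeated or concurrent delete gets NULL. */
int demo_bridge_topics_destroy(struct demo_pool *pool, struct demo_bridge *b)
{
    char *name = atomic_exchange(&b->topic_name, NULL);
    int rc;

    if (!name)
        return 1;                   /* already torn down by an earlier request */
    rc = demo_pool_delete_topic(pool, name);
    free(name);                     /* freed once, by the claiming caller only */
    return rc;
}
```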