[Asterisk-code-review] scheduler: Detect and prevent overflow of scheduler IDs. (asterisk[certified/13.1])

Mark Michelson asteriskteam at digium.com
Tue Sep 8 11:57:14 CDT 2015 

Mark Michelson has uploaded a new change for review.

  https://gerrit.asterisk.org/1219

Change subject: scheduler: Detect and prevent overflow of scheduler IDs.
......................................................................

scheduler: Detect and prevent overflow of scheduler IDs.

If a particularly busy system stays up for a long time, there is a
chance that a scheduler context's event count will exceed INT_MAX.
When this gets assigned to a scheduler ID, which is signed, this results
in a massively negative number being assigned instead. Callers of
ast_sched_add() (and its variants) end up thinking that the operation
failed since the scheduler ID of the task they just scheduled is
negative. This results in callers potentially freeing memory or
decreasing refcounts because they think the item is not in the
scheduler. In reality, the item is in the scheduler, and it is likely
that when the time comes to run the scheduled task, there will be
repercussions, such as a crash.

The fix here is to detect when the scheduler assigns a negative value to
a scheduled task and reset the event counter to 0 when this happens.

Change-Id: Ia79fe17ee576edaca5c9cf0f45aaf4d6fdd0e7bb
---
M main/sched.c
1 file changed, 7 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/19/1219/1

diff --git a/main/sched.c b/main/sched.c
index 173d2c0..e0c76d5 100644
--- a/main/sched.c
+++ b/main/sched.c
@@ -369,6 +369,13 @@
 	ast_mutex_lock(&con->lock);
 	if ((tmp = sched_alloc(con))) {
 		tmp->id = con->eventcnt++;
+		/* Overflow has been observed on busy systems in the past, so be sure
+		 * not to set tmp->id to a negative value if the scheduler context
+		 * is long-running.
+		 */
+		if (tmp->id < 0) {
+			tmp->id = con->eventcnt = 0;
+		}
 		tmp->callback = callback;
 		tmp->data = data;
 		tmp->resched = when;

-- 
To view, visit https://gerrit.asterisk.org/1219
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia79fe17ee576edaca5c9cf0f45aaf4d6fdd0e7bb
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: certified/13.1
Gerrit-Owner: Mark Michelson <mmichelson at digium.com>

More information about the asterisk-code-review mailing list