[Asterisk-code-review] bridge.c: Crash during attended transfer when missing a loca... (asterisk[13])

Richard Mudgett asteriskteam at digium.com
Wed Mar 2 13:43:08 CST 2016 

Richard Mudgett has posted comments on this change.

Change subject: bridge.c: Crash during attended transfer when missing a local channel half
......................................................................


Patch Set 1: Code-Review-1

(7 comments)

https://gerrit.asterisk.org/#/c/2319/1//COMMIT_MSG
Commit Message:

Line 18: the bridge) thus if fails to enter the stasis application. Consequently, the
s/thus if fails/thus it fails/


https://gerrit.asterisk.org/#/c/2319/1/main/bridge.c
File main/bridge.c:

Line 3982: 	RAII_VAR(struct ast_channel *, local_chan, NULL, ao2_cleanup);
Have I mentioned how much I dislike RAII_VAR?  It makes you think that everything is automatically taken care of when that may not be true.  You still have to look at all return points to verify that RAII_VAR is doing what you need.

In this case, you have converted to using RAII_VAR incorrectly as pointed out in subsequent findings.  It would make the patch smaller and correct if you didn't use RAII_VAR.


Line 4007: if (res) {
         : 		return AST_BRIDGE_TRANSFER_FAIL;
         : 	
What hangs up local_chan on failure now?
ast_hangup() unrefs the channel so you would need to bump it by an extra one to use RAII_VAR.


Line 4020: 	if (ast_call(local_chan, dest, 0)) {
         : 		ast_hangup(local_chan);
         : 		BRIDGE_LOCK_ONE_OR_BOTH(bridge1, bridge2);
         : 		return AST_BRIDGE_TRANSFER_FAIL;
         : 	}
RAII_VAR is now unreffing the local_chan one too many times after it has been unrefed by ast_hangup().


Line 4050: 			struct ast_channel *tmp = locals[0];
tmp is such a meaningless name.  Suggest swap_me

Or even better use the SWAP() macro defined in utils.h.


https://gerrit.asterisk.org/#/c/2319/1/main/core_local.c
File main/core_local.c:

Line 255: 	struct ast_unreal_pvt *base = &p->base;
        : 
        : 	if (!p) {
Kind of silly checking for NULL p after you have already used it.


Line 271: 	ao2_unlock(base);
        : 	ao2_unlock(p);
Unlocking the same thing twice and missing ao2_ref(p, -1)


-- 
To view, visit https://gerrit.asterisk.org/2319
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ie6d6061e34c7c95f07116fffac9a09e5d225c880
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-HasComments: Yes

More information about the asterisk-code-review mailing list