[Asterisk-code-review] func_lock: Fix memory corruption during unload. (asterisk[master])

Jaco Kroon asteriskteam at digium.com
Sat May 22 07:45:09 CDT 2021


Jaco Kroon has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/15943 )


Change subject: func_lock: Fix memory corruption during unload.
......................................................................

func_lock: Fix memory corruption during unload.

AST_TRAVERSE accesses current as current = current->(field).next ...
and since we free current (and ast_free poisons the memory) we either
end up on an ast_mutex_lock to a non-existing lock that can never be
obtained, or a segfault.

Incidentally add logging in the "we have to wait for a lock to release"
case, and remove an ineffective statement that sets memory that was just
cleared by ast_calloc to zero.

Change-Id: Id19ba3d9867b23d0e6783b97e6ecd8e62698b8c3
Signed-off-by: Jaco Kroon <jaco at uls.co.za>
---
M funcs/func_lock.c
1 file changed, 8 insertions(+), 2 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/43/15943/1

diff --git a/funcs/func_lock.c b/funcs/func_lock.c
index 0726407..9932232 100644
--- a/funcs/func_lock.c
+++ b/funcs/func_lock.c
@@ -249,7 +249,6 @@
 			AST_LIST_UNLOCK(&locklist);
 			return -1;
 		}
-		current->requesters = 0;
 		AST_LIST_INSERT_TAIL(&locklist, current, entries);
 	}
 	/* Add to requester list */
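Review bot: Dropping "current->requesters = 0;" is only safe if the allocation of current zeroes the whole structure, and that allocation sits above the visible context of this hunk. The commit message says it is ast_calloc; please confirm that against the lines just before the AST_LIST_UNLOCK/return -1 error path. Since this cleanup is unrelated to the unload corruption, consider moving it to its own commit so the fix can be backported on its own.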
@@ -440,9 +439,16 @@
 	ast_custom_function_unregister(&trylock_function);
 
 	AST_LIST_LOCK(&locklist);
-	AST_LIST_TRAVERSE(&locklist, current, entries) {
+	while ((current = AST_LIST_REMOVE_HEAD(&locklist, entries))) {
+		int warned = 0;
 		ast_mutex_lock(&current->mutex);
 		while (current->owner || current->requesters) {
+			if (!warned) {
+				ast_log(LOG_WARNING, "Waiting for %d requesters for %s lock %s.\n",
+						current->requesters, current->owner ? "locked" : "unlocked",
+						current->name);
+				warned = 1;
+			}
 			/* either the mutex is locked, or other parties are currently in get_lock,
 			 * we need to wait for all of those to clear first */
 			ast_cond_wait(&current->cond, &current->mutex);
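Review bot: The wait loop still runs with AST_LIST_LOCK(&locklist) held, and nothing in the visible lines releases it before ast_cond_wait(&current->cond, &current->mutex). Any requester that has to take the list lock before it can decrement requesters or clear owner would then never wake this loop, so it is worth confirming that those paths only need current->mutex. On the new ast_log call: the declaration of requesters is not in this hunk, so check that %d matches its type (use %u if it is unsigned). The message also reads awkwardly ("for locked lock NAME"); something like "Waiting for %d requesters on lock %s (currently %s)" would be clearer. Because warned limits the message to the first wait per lock, the logged count is a snapshot; a short comment saying so would help.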

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/15943

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: Id19ba3d9867b23d0e6783b97e6ecd8e62698b8c3
Gerrit-Change-Number: 15943
Gerrit-PatchSet: 1
Gerrit-Owner: Jaco Kroon <jaco at uls.co.za>
Gerrit-MessageType: newchange