<p>Richard Mudgett has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/7755">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">bridge_native_rtp.c: Fix reentrancy framehook crash.<br><br>If two channels enter different native rtp bridges at the same time it is<br>possible that the framehook interface data pointer can be corrupted<br>because the struct variable was declared static.<br><br>* Fixed the reentrancy corruption by changing the framehook interface<br>struct static variable to a stack local variable.<br><br>* Moved the hook.data assignment outside of the channel lock. It did not<br>need the lock's protection. It probably was giving a false sense of<br>security.<br><br>The testsuite<br>channels/pjsip/basic_calls/two_parties/nominal/alice_initiated/bob_hangs_up<br>test caught this with MALLOC_DEBUG and DO_CRASH enabled.<br><br>Change-Id: If9e35b97d19209b0f984941c1d8eb5f7c55eea91<br>---<br>M bridges/bridge_native_rtp.c<br>1 file changed, 3 insertions(+), 2 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/55/7755/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/bridges/bridge_native_rtp.c b/bridges/bridge_native_rtp.c<br>index edbfe58..e07f7fa 100644<br>--- a/bridges/bridge_native_rtp.c<br>+++ b/bridges/bridge_native_rtp.c<br>@@ -753,7 +753,7 @@<br> static int native_rtp_bridge_framehook_attach(struct ast_bridge_channel *bridge_channel)<br> {<br> struct native_rtp_bridge_channel_data *data = bridge_channel->tech_pvt;<br>- static struct ast_framehook_interface hook = {<br>+ struct ast_framehook_interface hook = {<br> .version = AST_FRAMEHOOK_INTERFACE_VERSION,<br> .event_cb = native_rtp_framehook,<br> .destroy_cb = __ao2_cleanup,<br>@@ -771,9 +771,10 @@<br> ast_debug(2, "Bridge '%s'. 
Attaching hook data %p to '%s'\n",<br> bridge_channel->bridge->uniqueid, data, ast_channel_name(bridge_channel->chan));<br> <br>- ast_channel_lock(bridge_channel->chan);<br> /* We're giving 1 ref to the framehook and keeping the one from the alloc for ourselves */<br> hook.data = ao2_bump(data->hook_data);<br>+<br>+ ast_channel_lock(bridge_channel->chan);<br> data->hook_data->id = ast_framehook_attach(bridge_channel->chan, &hook);<br> ast_channel_unlock(bridge_channel->chan);<br> if (data->hook_data->id < 0) {<br></pre>
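Review bot: in the first hunk (native_rtp_bridge_framehook_attach), hook is now a stack local whose address is later passed as &hook to ast_framehook_attach(), so the change is only safe if the attach call copies the interface struct before returning instead of keeping the pointer. Please add a one-line comment above the declaration stating that, so the variable is not turned back into a static or handed to something that retains the pointer.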
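Review bot: in the second hunk the channel lock now covers only the data->hook_data->id = ast_framehook_attach(...) assignment, yet data->hook_data->id is read again after ast_channel_unlock() in the if (data->hook_data->id < 0) test. Consider storing the return value in a local and testing that, and add a short comment that hook.data needs no lock because hook is local to this call. The failure branch is cut off in this context; please confirm it releases the reference taken by ao2_bump().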
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: If9e35b97d19209b0f984941c1d8eb5f7c55eea91 </div>
<div style="display:none"> Gerrit-Change-Number: 7755 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Richard Mudgett <rmudgett@digium.com> </div>