<p>Alexei Gradinari has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/11417">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">res_fax: fix segfault on inactive "reserved" fax session<br><br>The change #10017 "Handle fax gateway being started more than once"<br>introdiced a bug which leads to segfault in res_fax_spandsp.<br><br>The res_fax_spandsp module does not support reserving sessions, so<br>fax_session_reserve returns a fax session with state AST_FAX_STATE_INACTIVE.<br><br>The fax_gateway_start does not create a real fax session if the fax session<br>is already present and the state is not AST_FAX_STATE_RESERVED.<br>But the "reserved" session created for res_fax_spandsp has state<br>AST_FAX_STATE_INACTIVE, so fax_gateway_start not starting.<br><br>Then when fax_gateway_framehook is called and gateway T.38 state is<br>NEGOTIATED the call of gateway->s->tech->write(gateway->s, f) leads to<br>segfault, because session tech_pvt is not set, i.e. the tech session<br>was not initialized/started.<br><br>This patch adds check also on AST_FAX_STATE_INACTIVE to the "reserved"<br>session created for res_fax_spandsp will start.<br><br>This patch also adds extra check and log ERROR if tech_pvt is not set<br>before call tech->write.<br><br>ASTERISK-27981 #close<br><br>Change-Id: Ife3e65e5f18c902db2ff0538fccf7d28f88fa803<br>---<br>M res/res_fax.c<br>1 file changed, 9 insertions(+), 1 deletion(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/17/11417/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/res/res_fax.c b/res/res_fax.c</span><br><span>index 7338507..647ec2a 100644</span><br><span>--- a/res/res_fax.c</span><br><span>+++ b/res/res_fax.c</span><br><span>@@ -1106,6 +1106,7 @@</span><br><span>                        s->details->caps &= ~AST_FAX_TECH_GATEWAY;</span><br><span>                 }</span><br><span>            ao2_ref(s->details, -1);</span><br><span style="color: hsl(120, 100%, 40%);">+           s->details = NULL;</span><br><span>        }</span><br><span> </span><br><span>        if (s->debug_info) {</span><br><span>@@ -2915,7 +2916,8 @@</span><br><span>      int start_res;</span><br><span> </span><br><span>   /* if the fax gateway is already started then do nothing */</span><br><span style="color: hsl(0, 100%, 40%);">-     if (gateway->s && gateway->s->state != AST_FAX_STATE_RESERVED) {</span><br><span style="color: hsl(120, 100%, 40%);">+     if (gateway->s &&</span><br><span style="color: hsl(120, 100%, 40%);">+          gateway->s->state != AST_FAX_STATE_RESERVED && gateway->s->state != AST_FAX_STATE_INACTIVE) {</span><br><span>            return 0;</span><br><span>    }</span><br><span> </span><br><span>@@ -3510,6 +3512,12 @@</span><br><span>       /* in gateway mode, gateway some packets */</span><br><span>  if (gateway->t38_state == T38_STATE_NEGOTIATED) {</span><br><span>                 struct ast_trans_pvt *readtrans;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+            if (!gateway->s || !gateway->s->tech_pvt) {</span><br><span style="color: hsl(120, 100%, 40%);">+                  ast_log(LOG_ERROR, "no FAX session on chan %s for T.38 gateway session, odd", ast_channel_name(chan));</span><br><span style="color: hsl(120, 100%, 40%);">+                      return f;</span><br><span style="color: hsl(120, 100%, 40%);">+             }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span>          /* framehooks are called in __ast_read() before frame format</span><br><span>                  * translation is done, so we need to translate here */</span><br><span>              if ((f->frametype == AST_FRAME_VOICE) && (ast_format_cmp(f->subclass.format, ast_format_slin) != AST_FORMAT_CMP_EQUAL)</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/11417">change 11417</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/11417"/><meta itemprop="name" content="View Change"/></div></div>

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 16 </div>
<div style="display:none"> Gerrit-Change-Id: Ife3e65e5f18c902db2ff0538fccf7d28f88fa803 </div>
<div style="display:none"> Gerrit-Change-Number: 11417 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Alexei Gradinari <alex2grad@gmail.com> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>