<p>George Joseph <strong>merged</strong> this change.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/11447">View Change</a></p><div style="white-space:pre-wrap">Approvals:
  Joshua Colp: Looks good to me, but someone else must approve
  George Joseph: Looks good to me, approved; Approved for Submit

</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">chan_pjsip.c: Check for channel and session to not be NULL in hangup<br><br>We have seen some rare case of segmentation fault in hangup function<br>and we could notice that channel pointer was NULL.  Debug log shows<br>that there is a 200 OK answer and SIP timeout at the same time.  It<br>looks that while the SIP session was being destroyed due to timeout<br>call hangup due to answer event lead to race condition and channel<br>is being destroyed from two different places.  The check ensures we<br>check it not to be NULL before freeing it.<br><br>ASTERISK-25371<br><br>Change-Id: I19f6566830640625e08f7b87bfe15758ad33a778<br>---<br>M channels/chan_pjsip.c<br>1 file changed, 19 insertions(+), 10 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/channels/chan_pjsip.c b/channels/chan_pjsip.c</span><br><span>index f2187ef..e61a408 100644</span><br><span>--- a/channels/chan_pjsip.c</span><br><span>+++ b/channels/chan_pjsip.c</span><br><span>@@ -2336,18 +2336,27 @@</span><br><span>      struct hangup_data *h_data = data;</span><br><span>   struct ast_channel *ast = h_data->chan;</span><br><span>   struct ast_sip_channel_pvt *channel = ast_channel_tech_pvt(ast);</span><br><span style="color: hsl(0, 100%, 40%);">-        struct ast_sip_session *session = channel->session;</span><br><span style="color: hsl(0, 100%, 40%);">-  int cause = h_data->cause;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span>        /*</span><br><span style="color: hsl(0, 100%, 40%);">-       * It's possible that session_terminate might cause the session to be destroyed</span><br><span style="color: hsl(0, 100%, 40%);">-      * immediately so we need to keep a reference to it so we can NULL session->channel</span><br><span style="color: hsl(0, 100%, 40%);">-   * afterwards.</span><br><span style="color: hsl(120, 100%, 40%);">+         * Before 
cleaning we have to ensure that channel or its session is not NULL</span><br><span style="color: hsl(120, 100%, 40%);">+   * we have seen rare case when taskprocessor calls hangup but channel is NULL</span><br><span style="color: hsl(120, 100%, 40%);">+  * due to SIP session timeout and answer happening at the same time</span><br><span>   */</span><br><span style="color: hsl(0, 100%, 40%);">-     ast_sip_session_terminate(ao2_bump(session), cause);</span><br><span style="color: hsl(0, 100%, 40%);">-    clear_session_and_channel(session, ast);</span><br><span style="color: hsl(0, 100%, 40%);">-        ao2_cleanup(session);</span><br><span style="color: hsl(0, 100%, 40%);">-   ao2_cleanup(channel);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (channel) {</span><br><span style="color: hsl(120, 100%, 40%);">+                struct ast_sip_session *session = channel->session;</span><br><span style="color: hsl(120, 100%, 40%);">+                if (session) {</span><br><span style="color: hsl(120, 100%, 40%);">+                        int cause = h_data->cause;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+                       /*</span><br><span style="color: hsl(120, 100%, 40%);">+                    * It's possible that session_terminate might cause the session to be destroyed</span><br><span style="color: hsl(120, 100%, 40%);">+                    * immediately so we need to keep a reference to it so we can NULL session->channel</span><br><span style="color: hsl(120, 100%, 40%);">+                 * afterwards.</span><br><span style="color: hsl(120, 100%, 40%);">+                 */</span><br><span style="color: hsl(120, 100%, 40%);">+                    ast_sip_session_terminate(ao2_bump(session), cause);</span><br><span style="color: hsl(120, 100%, 40%);">+                  clear_session_and_channel(session, ast);</span><br><span style="color: hsl(120, 100%, 40%);">+                      
ao2_cleanup(session);</span><br><span style="color: hsl(120, 100%, 40%);">+         }</span><br><span style="color: hsl(120, 100%, 40%);">+             ao2_cleanup(channel);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span>    ao2_cleanup(h_data);</span><br><span>         return 0;</span><br><span> }</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/11447">change 11447</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/11447"/><meta itemprop="name" content="View Change"/></div></div>
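Review bot: The new `if (channel)` and `if (session)` guards test the pointers without taking a lock or a reference first, so if the timeout path runs concurrently as the commit message describes, the session can still be released between the read of `channel->session` and `ao2_bump(session)`. The checks narrow the window; they do not close it. Either take the session reference at the point where the pointer is read, under whatever lock protects `channel->session`, or state in the new comment which serializer or lock guarantees both pointers stay stable for the duration of this function. Two smaller points: `ast_channel_tech_pvt(ast)` is still called on `h_data->chan` with no check of its own, and both skipped branches are silent, so a debug-level log line when `channel` or `session` is NULL would let operators confirm how often the race described in ASTERISK-25371 is actually hit.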

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: I19f6566830640625e08f7b87bfe15758ad33a778 </div>
<div style="display:none"> Gerrit-Change-Number: 11447 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: George Joseph &lt;gjoseph@digium.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Abhay Gupta &lt;abhay@avissol.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Friendly Automation </div>
<div style="display:none"> Gerrit-Reviewer: George Joseph &lt;gjoseph@digium.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Joshua Colp &lt;jcolp@digium.com&gt; </div>
<div style="display:none"> Gerrit-MessageType: merged </div>