[asterisk-commits] mjordan: branch 11 r385173 - in /branches/11: ./ channels/chan_sip.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Wed Apr 10 09:05:11 CDT 2013
Author: mjordan
Date: Wed Apr 10 09:05:07 2013
New Revision: 385173
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=385173
Log:
Fix crash in chan_sip when a core initiated op occurs at the same time as a BYE
When a BYE request is processed in chan_sip, the current SIP dialog is detached
from its associated Asterisk channel structure. The tech_pvt pointer in the
channel object is set to NULL, and the dialog persists for an RFC mandated
period of time to handle re-transmits.
While this process occurs, the channel is locked (which is good).
Unfortunately, operations that are initiated externally have no way of knowing
that the channel they've just obtained (which is still valid) and that they are
attempting to lock is about to have its tech_pvt pointer removed. By the time
they obtain the channel lock and call the channel technology callback, the
tech_pvt is NULL.
This patch adds a few checks to some channel callbacks that make sure the
tech_pvt isn't NULL before using it. Prime offenders were the DTMF digit
callbacks, which would crash if AMI initiated a DTMF on the channel at the
same time as a BYE was received from the UA. This patch also adds checks on
sip_transfer (as AMI can also cause a callback into this function), as well
as sip_indicate (as lots of things can queue an indication onto a channel).
Review: https://reviewboard.asterisk.org/r/2434/
(closes issue ASTERISK-20225)
Reported by: Jeff Hoppe
........
Merged revisions 385170 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Modified:
branches/11/ (props changed)
branches/11/channels/chan_sip.c
Propchange: branches/11/
------------------------------------------------------------------------------
Binary property 'branch-1.8-merged' - no diff available.
Modified: branches/11/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/branches/11/channels/chan_sip.c?view=diff&rev=385173&r1=385172&r2=385173
==============================================================================
--- branches/11/channels/chan_sip.c (original)
+++ branches/11/channels/chan_sip.c Wed Apr 10 09:05:07 2013
@@ -7253,6 +7253,11 @@
int res = 0;
struct sip_pvt *p = ast_channel_tech_pvt(ast);
+ if (!p) {
+ ast_debug(1, "Asked to answer channel %s without tech pvt; ignoring\n",
+ ast_channel_name(ast));
+ return res;
+ }
sip_pvt_lock(p);
if (ast_channel_state(ast) != AST_STATE_UP) {
try_suggested_sip_codec(p);
@@ -7422,6 +7427,12 @@
struct sip_pvt *p = ast_channel_tech_pvt(ast);
int res = 0;
+ if (!p) {
+ ast_debug(1, "Asked to begin DTMF digit on channel %s with no pvt; ignoring\n",
+ ast_channel_name(ast));
+ return res;
+ }
+
sip_pvt_lock(p);
switch (ast_test_flag(&p->flags[0], SIP_DTMF)) {
case SIP_DTMF_INBAND:
@@ -7445,6 +7456,12 @@
{
struct sip_pvt *p = ast_channel_tech_pvt(ast);
int res = 0;
+
+ if (!p) {
+ ast_debug(1, "Asked to end DTMF digit on channel %s with no pvt; ignoring\n",
+ ast_channel_name(ast));
+ return res;
+ }
sip_pvt_lock(p);
switch (ast_test_flag(&p->flags[0], SIP_DTMF)) {
@@ -7471,6 +7488,12 @@
struct sip_pvt *p = ast_channel_tech_pvt(ast);
int res;
+ if (!p) {
+ ast_debug(1, "Asked to transfer channel %s with no pvt; ignoring\n",
+ ast_channel_name(ast));
+ return -1;
+ }
+
if (dest == NULL) /* functions below do not take a NULL */
dest = "";
sip_pvt_lock(p);
@@ -7665,6 +7688,12 @@
{
struct sip_pvt *p = ast_channel_tech_pvt(ast);
int res = 0;
+
+ if (!p) {
+ ast_debug(1, "Asked to indicate condition on channel %s with no pvt; ignoring\n",
+ ast_channel_name(ast));
+ return res;
+ }
sip_pvt_lock(p);
switch(condition) {
More information about the asterisk-commits
mailing list