[asterisk-commits] kmoore: branch 1.8 r411088 - /branches/1.8/channels/chan_sip.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Tue Mar 25 10:50:45 CDT 2014
Author: kmoore
Date: Tue Mar 25 10:50:39 2014
New Revision: 411088
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=411088
Log:
chan_sip: Fix incorrect use of timers
If update_provisional_keepalive() is called while
send_provisional_keepalive_full() is waiting on the PVT lock, then
pvt->provisional_keepalive_sched_id will be changed to a new sched_id
value by update_provisional_keepalive(), but that new sched_id then may
be overwritten with -1 by send_provisional_keepalive_full(), killing
the pvt's reference to a schedule and "leaking" the reference.
(closes issue ASTERISK-22079)
Review: https://reviewboard.asterisk.org/r/3368/
Reported by: Jamuel Starkey, Matteo, Leif Madsen, Steve Davies
Patches:
provisional_keepalive_fix.diff uploaded by Steve Davies (license 5012)
Modified:
branches/1.8/channels/chan_sip.c
Modified: branches/1.8/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.8/channels/chan_sip.c?view=diff&rev=411088&r1=411087&r2=411088
==============================================================================
--- branches/1.8/channels/chan_sip.c (original)
+++ branches/1.8/channels/chan_sip.c Tue Mar 25 10:50:39 2014
@@ -4437,8 +4437,20 @@
const char *msg = NULL;
struct ast_channel *chan;
int res = 0;
+ int old_sched_id = pvt->provisional_keepalive_sched_id;
chan = sip_pvt_lock_full(pvt);
+ /* Check that nothing has changed while we were waiting for the lock */
+ if (old_sched_id != pvt->provisional_keepalive_sched_id) {
+ /* Keepalive has been cancelled or rescheduled, clean up and leave */
+ if (chan) {
+ ast_channel_unlock(chan);
+ chan = ast_channel_unref(chan);
+ }
+ sip_pvt_unlock(pvt);
+ dialog_unref(pvt, "dialog ref for provisional keepalive");
+ return 0;
+ }
if (!pvt->last_provisional || !strncasecmp(pvt->last_provisional, "100", 3)) {
msg = "183 Session Progress";
@@ -4464,20 +4476,9 @@
sip_pvt_unlock(pvt);
-#if 0
- /*
- * XXX BUG TODO
- *
- * Without this code, it appears as if this function is leaking its
- * reference to the sip_pvt. However, adding it introduces a crash.
- * This points to some sort of reference count imbalance elsewhere,
- * but I'm not sure where ...
- */
if (!res) {
dialog_unref(pvt, "dialog ref for provisional keepalive");
}
-#endif
-
return res;
}
More information about the asterisk-commits
mailing list