[asterisk-dev] Race condition in app_meetme generates a SIGSEGV

BJ Weschke bweschke at gmail.com
Wed May 31 04:33:23 MST 2006


On 5/31/06, BJ Weschke <bweschke at gmail.com> wrote:
> On 5/31/06, Constantine Filin <cfilin at intermedia.net> wrote:
> > Greetings
> >
> > A race condition in function "conf_run" happens when a caller is joining
> > a conference just before the last conference user is leaving it.
> >
> > Here are the details:
> >
> > Say, the last caller "A" is leaving the conference while another caller
> > "B" is joining it.
> >
> > A's thread is between line 1565 in app_meetme.c and line 1617,
> > "conflock" mutex is locked. B's thread is waiting for "conflock" mutex
> > on line 865 of app_meetme.c.
> >
> > A's thread is seeing that it is the last user and on line 1582 it calls
> > "conf_free" releasing the conference. Then A's thread proceeds to line
> > 1617 to release "conflock".
> >
> > Once "conflock" is released, B's thread grabs it on line 865 and
> > accesses the "conf" structure that has just been released by A's thread.
> >
> > Yesterday this race condition crashed my PBX. :(
> >
> > I think the right solution is to keep conference reference counting at
> > the place where "conf_run" is called.
> >
> > Who is the main caretaker of app_meetme.c? I would like to work with
> > this person to develop a fix.
> >


I just saw your bug #7250 on Mantis. Please see my comment attached.

-- 
Bird's The Word Technologies, Inc.
http://www.btwtech.com/
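The interleaving Constantine describes, and the reference-counting fix he proposes for the conf_run call site, replayed in a small C model. This is an added example, not Asterisk's code: the struct, the single static conference and the function names are assumptions, and a cleared `alive` flag stands in for the `free()` that would otherwise make the replay undefined.

```c
#include <pthread.h>

/* Simplified model of a meetme conference, constructed for this example; the
 * field and function names are assumptions, not Asterisk's real ones. */
struct conf {
    int alive;  /* cleared instead of calling free(), so the replay stays defined */
    int users;  /* participants currently inside conf_run() */
    int refs;   /* references held by callers between lookup and conf_run() */
};
static pthread_mutex_t conflock = PTHREAD_MUTEX_INITIALIZER;
static struct conf the_conf;  /* one statically allocated conference */

/* Fixed lookup: take a reference under conflock so the conference cannot be
 * freed between this lookup and the join that follows. */
static struct conf *conf_find_ref(void) {
    struct conf *c = 0;
    pthread_mutex_lock(&conflock);
    if (the_conf.alive) { c = &the_conf; c->refs++; }
    pthread_mutex_unlock(&conflock);
    return c;
}

/* Drop one user (a caller leaving conf_run) or one reference (from conf_find_ref).
 * The conference is freed only when nobody is inside and no reference is held. */
static void conf_drop(struct conf *c, int is_ref) {
    pthread_mutex_lock(&conflock);
    if (is_ref) c->refs--; else c->users--;
    if (c->users == 0 && c->refs == 0) c->alive = 0;  /* stands in for conf_free() */
    pthread_mutex_unlock(&conflock);
}

/* B joins: 1 on a safe join, 0 if the conference is already gone (the crash in the report). */
static int conf_join(struct conf *c) {
    int ok;
    pthread_mutex_lock(&conflock);
    if ((ok = c->alive)) c->users++;
    pthread_mutex_unlock(&conflock);
    return ok;
}

/* Replays the reported interleaving: A is the last user inside conf_run, B has
 * already looked the conference up and is waiting on conflock when A leaves. */
static int replay(int with_refcount) {
    the_conf.alive = 1; the_conf.users = 1; the_conf.refs = 0;
    struct conf *b = with_refcount ? conf_find_ref() : &the_conf; /* B's lookup */
    conf_drop(&the_conf, 0);  /* A: last user out, conf freed under conflock */
    int ok = conf_join(b);    /* B: takes conflock and touches conf */
    if (with_refcount) conf_drop(b, 1);  /* B's reference, released after conf_run */
    return ok;  /* 0 without reference counting, 1 with it */
}
```

Without the reference, A's free happens while B already holds the pointer and B's locked access lands on a dead conference; with the reference taken at lookup, A's decrement never reaches the free condition.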