[asterisk-dev] channel.c:ast_channel_free question

Norman Franke norman at myasd.com
Thu Mar 13 13:12:56 CDT 2008


>> While tracking down another issue, I came across this code in
>> main/channel.c:ast_channel_free:
>>
>>         if (chan->tech_pvt) {
>>                 ast_log(LOG_WARNING, "Channel '%s' may not have been hung up properly\n", chan->name);
>>                 free(chan->tech_pvt);
>>         }
>>
>> I had valgrind report something was still using this. That may have been
>> due to some other bugs since fixed in bug report 11940, but I'm not
>> sure. Anyway, should this really be freeing chan->tech_pvt when chan_sip
>> should generally be taking care of that?
>>
> The bug in this case would be that chan_sip still has a reference to the
> channel after the channel has been free'd.  That is not supposed to ever
> happen.

I had another one, but different. Are these legit bugs or not? It's
very rare when this happens. One incident in a week (although
several messages like this came as it continued to use the region of
memory). I'm not sure how many people run Asterisk under valgrind and
take 15,000 calls a day for a week.

This one happened while reloading extensions.

==21469== Thread 66:
==21469== Invalid read of size 4
==21469==    at 0x80C1456: pbx_substitute_variables (pbx.c:1771)
==21469==    by 0x80C1702: pbx_extension_helper (pbx.c:1829)
==21469==    by 0x80C29A5: ast_spawn_extension (pbx.c:2306)
==21469==    by 0x80C2EC1: __ast_pbx_run (pbx.c:2408)
==21469==    by 0x80C3C76: pbx_thread (pbx.c:2623)
==21469==    by 0x80FFF00: dummy_start (utils.c:852)
==21469==    by 0x403123F: start_thread (in /lib/tls/i686/cmov/libpthread-2.3.6.so)
==21469==    by 0x418349D: clone (in /lib/tls/i686/cmov/libc-2.3.6.so)
==21469==  Address 0x5142f3c is 132 bytes inside a block of size 178 free'd
==21469==    at 0x401D40C: free (vg_replace_malloc.c:323)
==21469==    by 0x8072226: __ast_free_region (astmm.c:174)
==21469==    by 0x80725B2: __ast_free (astmm.c:208)
==21469==    by 0x80C3C5D: destroy_exten (pbx.c:2608)
==21469==    by 0x80CA0F2: __ast_context_destroy (pbx.c:5337)
==21469==    by 0x80C6AFB: ast_merge_contexts_and_delete (pbx.c:3972)
==21469==    by 0x567A8D4: ??? (pbx_config.c:2458)
==21469==    by 0x5679300: ??? (pbx_config.c:2083)
==21469==    by 0x8092672: ast_cli_command (cli.c:1992)
==21469==    by 0x806D095: consolehandler (asterisk.c:1396)
==21469==    by 0x8071F03: main (asterisk.c:3016)

Norman Franke
Answering Service for Directors, Inc.
www.myasd.com
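
The second trace above shows a call thread reading an extension that a dialplan reload had already passed to `destroy_exten`. As an added illustration (not part of the original message and not Asterisk code), one common way to make that ordering safe is a per-object reference count; `struct exten`, `exten_ref` and the other names here are hypothetical, and the sample dialplan string is constructed.

```c
#include <stdatomic.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a dialplan extension; not Asterisk's own struct. */
struct exten {
    atomic_int refs;   /* one for the owning context, one per call executing it */
    char data[64];     /* application arguments read during substitution */
};
static atomic_int live_extens;  /* allocated and not yet freed (demo bookkeeping) */

struct exten *exten_new(const char *data)
{
    struct exten *e = calloc(1, sizeof(*e));
    if (!e) return NULL;
    atomic_init(&e->refs, 1);   /* reference held by the context */
    strncpy(e->data, data, sizeof(e->data) - 1);
    atomic_fetch_add(&live_extens, 1);
    return e;
}

/* Call thread takes this while the lookup lock is held, before reading data. */
struct exten *exten_ref(struct exten *e)
{
    atomic_fetch_add(&e->refs, 1);
    return e;
}

/* Reload path and call thread both use this; only the last holder frees. */
void exten_unref(struct exten *e)
{
    if (atomic_fetch_sub(&e->refs, 1) == 1) {
        atomic_fetch_sub(&live_extens, 1);
        free(e);
    }
}

/* Replays the trace's ordering: reload destroys the exten mid-call. 1 = safe. */
int replay_reload_during_call(void)
{
    struct exten *owned = exten_new("Dial(SIP/100)");  /* constructed sample */
    if (!owned) return -1;
    struct exten *in_call = exten_ref(owned);  /* call starts executing */
    exten_unref(owned);                        /* reload drops the context's ref */
    int valid = in_call->data[0] == 'D' && atomic_load(&live_extens) == 1;
    exten_unref(in_call);                      /* call ends: freed here, once */
    return valid && atomic_load(&live_extens) == 0;
}

int main(void) { return replay_reload_during_call() == 1 ? 0 : 1; }
```

The count only helps if a thread cannot find the object after its last reference is gone, so taking the reference has to happen under the same lock the reload path holds while unlinking the extension.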
