[asterisk-dev] [Code Review] 2434: Prevent crash when externally initiated DTMF is begun/ended on a SIP channel that has just finished processing a BYE

Matt Jordan reviewboard at asterisk.org
Tue Apr 9 12:35:10 CDT 2013


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2434/
-----------------------------------------------------------

(Updated April 9, 2013, 5:35 p.m.)


Review request for Asterisk Developers.


Changes
-------

Return res instead of being explicit with 0.


Bugs: ASTERISK-20225
    https://issues.asterisk.org/jira/browse/ASTERISK-20225


Repository: Asterisk


Description
-------

A race condition can occur between a channel that has a DTMF played back on it from AMI and the underlying SIP dialog receiving a BYE request. The DTMF will be queued up for action on the channel and - while the frames are queued up - a BYE request will be received. The SIP pvt will be removed from the channel and the tech_pvt pointer set to NULL. When the channel lock is released, the frames get processed. This will call either sip_senddigit_begin/sip_senddigit_end and - since the pvt is NULL - the dreaded FRACK error will occur.

(Or you just crash)

This patch does the really simple thing and bails if the pvt pointer is NULL. It's actually valid - there isn't any way for AMI to know that the pvt just got nuked, and chan_sip is locking the channel while it removes the pvt. Sometimes, you just have to check that something isn't NULL before you use it.


Diffs (updated)
-----

  /branches/1.8/channels/chan_sip.c 384779 

Diff: https://reviewboard.asterisk.org/r/2434/diff/


Testing
-------

A test I was writing stops crashing. Yay!


Thanks,

Matt Jordan
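
The ordering described in this review (digit queued, BYE handled, queued frame processed afterwards) can be modeled as below. This is an added example, not code from chan_sip.c or from the patch; the struct and function names are hypothetical stand-ins, and returning res with the value 0 on the early exit is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins; hypothetical types, not Asterisk's structures. */
struct model_pvt { int digits_sent; char last; };
struct model_chan {
    struct model_pvt *tech_pvt;  /* driver-private state, NULL after teardown */
    char queue[8];               /* DTMF digits waiting to be processed */
    size_t queued;
};

/* AMI side: the digit is only queued here and acted on later. */
static void queue_dtmf(struct model_chan *c, char digit)
{
    if (c->queued < sizeof(c->queue))
        c->queue[c->queued++] = digit;
}

/* SIP side: BYE handling detaches the private structure from the channel. */
static void handle_bye(struct model_chan *c) { c->tech_pvt = NULL; }

/* Driver callback for a queued digit, with the NULL guard in place. */
static int senddigit_begin(struct model_chan *c, char digit)
{
    struct model_pvt *p = c->tech_pvt;
    int res = 0;                 /* assumed value for "nothing sent" */
    if (!p)                      /* pvt already removed: bail out first */
        return res;
    p->last = digit;             /* without the guard: NULL dereference */
    p->digits_sent++;
    return res;
}

/* Replays the ordering; returns how many digits reached the pvt. */
static int run_scenario(int bye_before_processing)
{
    struct model_pvt pvt = { 0, 0 };
    struct model_chan chan = { &pvt, { 0 }, 0 };
    queue_dtmf(&chan, '5');
    if (bye_before_processing)
        handle_bye(&chan);
    for (size_t i = 0; i < chan.queued; i++)
        senddigit_begin(&chan, chan.queue[i]);
    return pvt.digits_sent;
}

int main(void)
{
    printf("no BYE: %d sent, BYE first: %d sent\n",
           run_scenario(0), run_scenario(1));
    return 0;
}
```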
