[asterisk-dev] 12.5.0 cache_entry_compute_hash/app_meetme crash

Jared Mauch jared at puck.Nether.net
Fri Aug 29 21:57:25 CDT 2014


I have a crash here:

(gdb) bt
#0  ast_hashtab_hash_string (obj=0x144) at hashtab.c:166
#1  0x00000000005937d2 in cache_entry_compute_hash (cache=0x2b70870, type=<value optimized out>, id=0x144 <Address 0x144 out of bounds>) at stasis_cache.c:180
#2  cache_find (cache=0x2b70870, type=<value optimized out>, id=0x144 <Address 0x144 out of bounds>) at stasis_cache.c:362
#3  stasis_cache_get_by_eid (cache=0x2b70870, type=<value optimized out>, id=0x144 <Address 0x144 out of bounds>) at stasis_cache.c:627
#4  stasis_cache_get (cache=0x2b70870, type=<value optimized out>, id=0x144 <Address 0x144 out of bounds>) at stasis_cache.c:641
#5  0x0000000000597350 in ast_channel_snapshot_get_latest (channel_id=0x144 <Address 0x144 out of bounds>, type=0x34595a8, blob=0x7f4b78002058) at stasis_channels.c:516
#6  ast_channel_blob_create_from_cache (channel_id=0x144 <Address 0x144 out of bounds>, type=0x34595a8, blob=0x7f4b78002058) at stasis_channels.c:407
#7  0x00007f4d1e5036fe in meetme_stasis_generate_msg (meetme_conference=<value optimized out>, chan=0x0, user=0x0, message_type=0x34595a8, extras=<value optimized out>)
    at app_meetme.c:1382
#8  0x00007f4d1e5037c1 in conf_free (conf=0x7f4b78002a20) at app_meetme.c:2326
#9  0x00007f4d1e515db3 in dispose_conf (chan=0x7f4b480eab78, data=<value optimized out>) at app_meetme.c:2503
#10 conf_exec (chan=0x7f4b480eab78, data=<value optimized out>) at app_meetme.c:5143
#11 0x000000000054a915 in pbx_exec (c=0x7f4b480eab78, app=0x345b100, data=0x7f4a499f5690 "4006,cdsT") at pbx.c:1606
#12 0x0000000000554b9e in pbx_extension_helper (c=0x7f4b480eab78, con=0x0, context=0x7f4b480ebc18 "macro-stdconf", exten=0x7f4b480ebc68 "s", priority=11, label=0x0, 
    callerid=0x7f4b48062a80 "1005", action=E_SPAWN, found=0x7f4a499f857c, combined_find_spawn=1) at pbx.c:4878
#13 0x0000000000555020 in ast_spawn_extension (c=<value optimized out>, context=<value optimized out>, exten=<value optimized out>, priority=<value optimized out>, 
    callerid=<value optimized out>, found=<value optimized out>, combined_find_spawn=1) at pbx.c:5893
#14 0x00007f4d17de7c78 in _macro_exec (chan=0x7f4b78002358, data=<value optimized out>, exclusive=0) at app_macro.c:412
#15 0x000000000054a915 in pbx_exec (c=0x7f4b480eab78, app=0x330ac70, data=0x7f4a499f86e0 "stdconf,4006,0000,0,Shawn Morris,0,1006,0,0,0,0") at pbx.c:1606
#16 0x0000000000554b9e in pbx_extension_helper (c=0x7f4b480eab78, con=0x0, context=0x7f4b480ebc18 "macro-stdconf", exten=0x7f4b480ebc68 "s", priority=1, label=0x0, 
    callerid=0x7f4b48062a80 "1005", action=E_SPAWN, found=0x7f4a499facbc, combined_find_spawn=1) at pbx.c:4878
#17 0x000000000055b515 in ast_spawn_extension (c=0x7f4b480eab78, args=0x0) at pbx.c:5893
#18 __ast_pbx_run (c=0x7f4b480eab78, args=0x0) at pbx.c:6310
---Type <return> to continue, or q <return> to quit---down
#19 0x000000000055cbfb in pbx_thread (data=<value optimized out>) at pbx.c:6635
#20 0x00000000005b197b in dummy_start (data=<value optimized out>) at utils.c:1170
#21 0x000000380dc079d1 in start_thread () from /lib64/libpthread.so.0
#22 0x000000380d8e8b5d in clone () from /lib64/libc.so.6


It appears to be triggered when taking the meetme_stasis_generate_msg of
chan=NULL and passing it downstream to ast_channel_blob_create_from_cache.

#7  0x00007f4d1e5036fe in meetme_stasis_generate_msg (meetme_conference=<value optimized out>, chan=0x0, user=0x0, message_type=0x34595a8, extras=<value optimized out>)
    at app_meetme.c:1382
1382		msg = ast_channel_blob_create_from_cache(ast_channel_uniqueid(chan), message_type, json_object);

Seems there should be a check here in app_meetme.c for this. I also saw
either this or something similar in asterisk-13.0.0-beta1.

I'm working on converting everything to confbridge vs meetme but
not quite there yet as some meetme features we are using are missing
and not available via ari/ami.  (I will be submitting patches for this
soon).

This occurs when someone is hanging up on a meetme room and I can easily
replicate it on demand.

This patch seems to correct the issue as it doesn't reference a null via
ast_channel_uniqueid().

diff -ur asterisk-12.5.0-dist/apps/app_meetme.c asterisk-12.5.0/apps/app_meetme.c
--- asterisk-12.5.0-dist/apps/app_meetme.c	2014-07-22 14:13:14.000000000 +0000
+++ asterisk-12.5.0/apps/app_meetme.c	2014-08-30 03:00:37.281344307 +0000
@@ -1379,6 +1379,9 @@
 		}
 	}
 
+	if (chan == NULL) {
+		return;
+	}
 	msg = ast_channel_blob_create_from_cache(ast_channel_uniqueid(chan), message_type, json_object);
 
 	if (!msg) {
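
Review bot: the bare `return;` in the new `if (chan == NULL)` block comes after the code that ends at the two closing braces above it, so if that code has already populated `json_object` (the next line passes it to ast_channel_blob_create_from_cache), this path leaves without releasing it; either move the NULL check to the top of the function or release `json_object` before returning. Frame #8 of the backtrace shows conf_free() calling this function with chan=0x0, so with this change that caller never publishes a message at all, which is worth confirming as intended rather than a side effect of the crash fix. As a style point, `if (!chan)` would match the `if (!msg)` test directly below.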


	- Jared

-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
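
Added example, not part of the original post and not Asterisk code: a sketch of why a NULL channel can surface as id=0x144 rather than 0x0 in a backtrace like the one above, assuming the accessor returns a buffer embedded in the channel struct. The names struct demo_channel, demo_uniqueid, member_at and publish_for are hypothetical, and the layout is constructed so that the buffer sits at offset 0x144.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in, NOT Asterisk's real struct ast_channel. The padding
 * puts the inline id buffer at offset 0x144, the bad address in the backtrace. */
struct demo_channel {
    char other_fields[0x144];
    char uniqueid[150];
    int state;
};

/* Accessor returning a buffer embedded in the struct (assumed shape). With a
 * NULL chan it would yield (char *)0x144: small but non-NULL, so a callee's
 * "if (!id)" test cannot catch it. It is never called with NULL here. */
static const char *demo_uniqueid(const struct demo_channel *chan) { return chan->uniqueid; }

struct member { const char *name; size_t off, size; };
#define MEMBER(f) { #f, offsetof(struct demo_channel, f), sizeof(((struct demo_channel *)0)->f) }
static const struct member demo_layout[] = { MEMBER(other_fields), MEMBER(uniqueid), MEMBER(state) };

/* Triage helper: map a small faulting address to the member a NULL base
 * pointer would have reached; NULL if it falls outside every member. */
static const char *member_at(size_t fault_addr)
{
    for (size_t i = 0; i < sizeof(demo_layout) / sizeof(demo_layout[0]); i++) {
        if (fault_addr >= demo_layout[i].off &&
            fault_addr - demo_layout[i].off < demo_layout[i].size)
            return demo_layout[i].name;
    }
    return NULL;
}

/* Guarded caller: reject NULL before the accessor runs. */
static int publish_for(const struct demo_channel *chan, char *out, size_t outlen)
{
    if (!chan)
        return -1;
    snprintf(out, outlen, "%s", demo_uniqueid(chan));
    return 0;
}

int main(void)
{
    static struct demo_channel c;
    char buf[150] = "";
    strcpy(c.uniqueid, "1409367445.12"); /* constructed id */
    printf("0x144 -> %s, NULL chan -> %d\n", member_at(0x144), publish_for(NULL, buf, sizeof buf));
    printf("live chan -> %d (%s)\n", publish_for(&c, buf, sizeof buf), buf);
}
```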


