[asterisk-dev] [Code Review] 3603: func_jitterbuffer: fix errors and leaks caused by certain masquerade's

Corey Farrell reviewboard at asterisk.org
Fri Jun 13 13:48:22 CDT 2014


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/3603/
-----------------------------------------------------------

(Updated June 13, 2014, 2:48 p.m.)


Review request for Asterisk Developers, Joshua Colp and Matt Jordan.


Changes
-------

Modify changes to ast_do_masquerade so AST_JITTERBUFFER_FD is never copied.  Copying the FD is never effective without recreating the jitterbuffer framehook - the FD is closed when the clonechan is destroyed.  Add datastore fixup to remove datastore from clonechan to prevent having a datastore pointing to memory that is already freed (the old framehook).

1) Fixed - original has JB but clonechan doesn't - JB is maintained.
2) Fixed - original and clonechan have JB - the JB from original is maintained.
3) Half-fixed - clonechan has JB but original doesn't - no JB after masquerade, but also no invalid pointers.


Bugs: ASTERISK-22409
    https://issues.asterisk.org/jira/browse/ASTERISK-22409


Repository: Asterisk


Description
-------

During masquerade it is possible for the AST_JITTERBUFFER_FD to be cleared (set to -1).  This change adds a check when copying channel fd's to prevent clearing an FD with -1.  This seems to resolve the bad audio quality experienced after the masquerade.  When AST_JITTERBUFFER_FD was set to -1, this prevented the channel from polling that timer.  This caused RTP packets to be received late, and discarded.

The changes to func_jitterbuffer.c were created first.  ast_free(jbframe); is needed to prevent jbframe from leaking if it is rejected by jb_impl.  This ensures we don't start leaking packets if they are received too late or rejected by jb_impl for any other reason.

The second change to func_jitterbuffer prevents a leak of ast_null_frame's that were duplicated (ie with ast_frdup or ast_frisolate).  I believe this leak might actually be unrelated to the masquerade issue, and likely occurs for every single ast_null_frame.


Diffs (updated)
-----

  /branches/11/main/channel.c 416102 
  /branches/11/funcs/func_jitterbuffer.c 416102 

Diff: https://reviewboard.asterisk.org/r/3603/diff/


Testing
-------

Verified the scenario outlined in ASTERISK-22409 no longer experiences audio quality loss, and no longer causes leaks (tested under valgrind).  I patched asterisk to ensure that ast_frfree performed an immediate free to ensure valgrind would report any attempted use after free.

In early testing, I used debug messages instead of the added ast_frfree's - I verified the leaked frames reported by valgrind matched exactly to the number of debug messages.

For the masquerade fix I tested with some debug code that showed the old and new FD, this is how I found the valid FD being replaced by -1.  See JIRA ticket for example output.

I have not tested this issue or fix against 12+, but the relevant code is the same as 11 - func_jitterbuffer code was moved to core but still the same code.


Thanks,

Corey Farrell

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20140613/b78d5b6e/attachment.html>


More information about the asterisk-dev mailing list