[asterisk-dev] [Code Review] 4049: res_fax: Fix reference leak caused by gateway sessions being added to faxregistry.container twice

Corey Farrell reviewboard at asterisk.org
Tue Oct 7 14:04:12 CDT 2014 


> On Oct. 7, 2014, 1:53 p.m., opticron wrote:
> > /branches/1.8/res/res_fax.c, line 819
> > <https://reviewboard.asterisk.org/r/4049/diff/1/?file=67846#file67846line819>
> >
> >     I can't seem to find where the reserved session is actually linked into the faxregistry container. Have you verified that everything is properly balanced in the ref logs with this patch?

Somehow a session is being created by fax_session_new and later passed to fax_session_new as a reserved session.  This happened with tests/fax/sip/gateway_mix4.  It looks like fax_gateway_new is being called with details->gateway_timeout == 0.  Then fax_gateway_start is called, gateway->s is initialized via fax_session_new.  fax_gateway_start is called again, causing gateway->s to be reinitialized via fax_session_new for the second time.  I'm unsure why this is, I'm having a bit of trouble tracing the call path.

On another note for ref's being balanced, ao2_unlink(container, some_object_not_in_container) is more or less a no-op (expensive, but I'm not sure of another way to handle this).

The following is from a processed refs log from Asterisk 12 with the gateway_mix4 test:

==== Leaked Object 0x7f454c031cf8 history ====
[17779] res_fax.c:1048 fax_session_new: +1  - [**constructor**]
[17779] res_fax.c:1123 fax_session_new: +1  - [1]
[17779] res_fax_spandsp.c:792 spandsp_fax_gw_gen_alloc: +1  - [2]
[17779] res_fax.c:1034 fax_session_new: +1  - [3]
[17779] res_fax.c:1123 fax_session_new: +1  - [4]
[17779] res_fax.c:2718 fax_gateway_start: -1  - [5]
[17779] res_fax_spandsp.c:797 spandsp_fax_gw_gen_release: -1  - [4]
[17779] res_fax_spandsp.c:792 spandsp_fax_gw_gen_alloc: +1  - [3]
[17779] res_fax.c:2642 destroy_gateway: -1  - [4]
[17779] res_fax.c:2645 destroy_gateway: -1  - [3]
[17779] res_fax_spandsp.c:797 spandsp_fax_gw_gen_release: -1  - [2]


* destroy_gateway tells us we are definitely dealing with gateway->s.  I've noticed that the gateway functionality is not in 1.8, so I'm removing that from the affected versions.


- Corey


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4049/#review13461
-----------------------------------------------------------


On Oct. 5, 2014, 11:10 p.m., Corey Farrell wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/4049/
> -----------------------------------------------------------
> 
> (Updated Oct. 5, 2014, 11:10 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Bugs: ASTERISK-24392
>     https://issues.asterisk.org/jira/browse/ASTERISK-24392
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> Reserved fax gateway sessions are added to faxregistry.container, then added again when the session is 'really' created.  It seems that when it is re-added it adds a second reference into the container due to the id being different.  Removal of the original list entry is not successful.  This prevents the session from ever being unallocated.
> 
> 
> Diffs
> -----
> 
>   /branches/1.8/res/res_fax.c 424175 
> 
> Diff: https://reviewboard.asterisk.org/r/4049/diff/
> 
> 
> Testing
> -------
> 
> Verified this resolves the leak in 11 and 12.
> 
> 
> Thanks,
> 
> Corey Farrell
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20141007/357899f7/attachment.html>

More information about the asterisk-dev mailing list