<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><blockquote type="cite"><blockquote type="cite"><p style="margin: 0.0px 0.0px 0.0px 10.0px"><font face="Helvetica" size="3" style="font: 12.0px Helvetica">While tracking down another issue, I came across this code in</font></p> <p style="margin: 0.0px 0.0px 0.0px 10.0px"><font face="Helvetica" size="3" style="font: 12.0px Helvetica">main/channel.c:ast_channel_free:</font></p> <p style="margin: 0.0px 0.0px 0.0px 10.0px; font: 12.0px Helvetica; min-height: 14.0px"><br></p> <p style="margin: 0.0px 0.0px 0.0px 10.0px"><font face="Helvetica" size="3" style="font: 12.0px Helvetica"><span class="Apple-converted-space"> </span>if (chan->tech_pvt) {</font></p> <p style="margin: 0.0px 0.0px 0.0px 10.0px"><font face="Helvetica" size="3" style="font: 12.0px Helvetica"><span class="Apple-converted-space"> </span>ast_log(LOG_WARNING, "Channel '%s' may not have been</font></p> <p style="margin: 0.0px 0.0px 0.0px 10.0px"><font face="Helvetica" size="3" style="font: 12.0px Helvetica">hung up properly\n", chan->name);</font></p> <p style="margin: 0.0px 0.0px 0.0px 10.0px"><font face="Helvetica" size="3" style="font: 12.0px Helvetica"><span class="Apple-converted-space"> </span>free(chan->tech_pvt);</font></p> <p style="margin: 0.0px 0.0px 0.0px 10.0px"><font face="Helvetica" size="3" style="font: 12.0px Helvetica"><span class="Apple-converted-space"> </span>}</font></p> <p style="margin: 0.0px 0.0px 0.0px 10.0px; font: 12.0px Helvetica; min-height: 14.0px"><br></p> <p style="margin: 0.0px 0.0px 0.0px 10.0px"><font face="Helvetica" size="3" style="font: 12.0px Helvetica">I had valgrind report something was still using this. That may have been</font></p> <p style="margin: 0.0px 0.0px 0.0px 10.0px"><font face="Helvetica" size="3" style="font: 12.0px Helvetica">due to some other bugs since fixed in bug report 11940, but I'm not</font></p> <p style="margin: 0.0px 0.0px 0.0px 10.0px"><font face="Helvetica" size="3" style="font: 12.0px Helvetica">sure. Anyway, should this really be freeing chan->tech_pvt when chan_sip</font></p> <p style="margin: 0.0px 0.0px 0.0px 10.0px"><font face="Helvetica" size="3" style="font: 12.0px Helvetica">should generally be taking care of that?</font></p> <p style="margin: 0.0px 0.0px 0.0px 10.0px; font: 12.0px Helvetica; min-height: 14.0px"><br></p></blockquote> <p style="margin: 0.0px 0.0px 0.0px 0.0px"><font face="Helvetica" size="3" style="font: 12.0px Helvetica">The bug in this case would be that chan_sip still has a reference to the channel</font></p> <p style="margin: 0.0px 0.0px 0.0px 0.0px"><font face="Helvetica" size="3" style="font: 12.0px Helvetica">after the channel has been free'd.<span class="Apple-converted-space"> </span>That is not supposed to ever happen.</font></p> </blockquote></div><br><div>I had a another one, but different. Are these legit bugs or not? It's very rare when this happens. Once incident in a week (although several messages like this came as it continued to use the region of memory.) I'm not sure how many people run Asterisk under valgrind and take 15,000 calls a day for a week.</div><div><br class="webkit-block-placeholder"></div><div>This one happened while reloading extensions.</div><div><br class="webkit-block-placeholder"></div><div><div>==21469== Thread 66:</div><div>==21469== Invalid read of size 4</div><div>==21469== at 0x80C1456: pbx_substitute_variables (pbx.c:1771)</div><div>==21469== by 0x80C1702: pbx_extension_helper (pbx.c:1829)</div><div>==21469== by 0x80C29A5: ast_spawn_extension (pbx.c:2306)</div><div>==21469== by 0x80C2EC1: __ast_pbx_run (pbx.c:2408)</div><div>==21469== by 0x80C3C76: pbx_thread (pbx.c:2623)</div><div>==21469== by 0x80FFF00: dummy_start (utils.c:852)</div><div>==21469== by 0x403123F: start_thread (in /lib/tls/i686/cmov/libpthread-2.3.6.so)</div><div>==21469== by 0x418349D: clone (in /lib/tls/i686/cmov/libc-2.3.6.so)</div><div>==21469== Address 0x5142f3c is 132 bytes inside a block of size 178 free'd</div><div>==21469== at 0x401D40C: free (vg_replace_malloc.c:323)</div><div>==21469== by 0x8072226: __ast_free_region (astmm.c:174)</div><div>==21469== by 0x80725B2: __ast_free (astmm.c:208)</div><div>==21469== by 0x80C3C5D: destroy_exten (pbx.c:2608)</div><div>==21469== by 0x80CA0F2: __ast_context_destroy (pbx.c:5337)</div><div>==21469== by 0x80C6AFB: ast_merge_contexts_and_delete (pbx.c:3972)</div><div>==21469== by 0x567A8D4: ??? (pbx_config.c:2458)</div><div>==21469== by 0x5679300: ??? (pbx_config.c:2083)</div><div>==21469== by 0x8092672: ast_cli_command (cli.c:1992)</div><div>==21469== by 0x806D095: consolehandler (asterisk.c:1396)</div><div>==21469== by 0x8071F03: main (asterisk.c:3016)</div><div><br></div><div><div><div>Norman Franke</div><div>Answering Service for Directors, Inc.</div><div>www.myasd.com</div><div><br class="webkit-block-placeholder"></div></div></div></div></body></html>