[svn-commits] russell: trunk r275995 - in /trunk: ./ main/features.c
SVN commits to the Digium repositories
svn-commits at lists.digium.com
Tue Jul 13 11:53:47 CDT 2010
Author: russell
Date: Tue Jul 13 11:53:44 2010
New Revision: 275995
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=275995
Log:
Merged revisions 275994 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r275994 | russell | 2010-07-13 11:51:18 -0500 (Tue, 13 Jul 2010) | 14 lines
Access peer->cdr directly instead of through a saved off reference.
At this point in the code, it is possible that peer_cdr may be invalid.
Specifically, in the blind transfer code, CDRs are swapped between channels.
So, peer_cdr is no longer == peer->cdr.
The scenario that exposed a crash in this code was a blind transfer that hit
the system call limit, causing the transferee channel to get destroyed after
the transfer attempt failed. Even if it succeeds and this code doesn't crash,
this code was still trying to reset a CDR on a channel that was now owned by
a different thread, which is a BadThing(tm).
(ABE-2417)
........
Modified:
trunk/ (props changed)
trunk/main/features.c
Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-1.4-merged' - no diff available.
Modified: trunk/main/features.c
URL: http://svnview.digium.com/svn/asterisk/trunk/main/features.c?view=diff&rev=275995&r1=275994&r2=275995
==============================================================================
--- trunk/main/features.c (original)
+++ trunk/main/features.c Tue Jul 13 11:53:44 2010
@@ -3451,7 +3451,7 @@
/* new channel */
ast_cdr_specialized_reset(new_chan_cdr, 0);
} else {
- ast_cdr_specialized_reset(chan_cdr, 0); /* nothing changed, reset the chan_cdr */
+ ast_cdr_specialized_reset(chan->cdr, 0); /* nothing changed, reset the chan cdr */
}
}
More information about the svn-commits
mailing list