<p>Abhay Gupta has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/11444">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">chan_pjsip.c: Checked for channel and session not be be NULL in hangup<br><br>We have seen some rare case of segmentation fault in hangup function<br>and we could notice that channel pointer was NULL . Debug log shows<br>that there is a 200 OK answer and SIP timeout at the same time . It<br>looks that while the SIP session was being destroyed due to timeout<br>call hangup due to answer event lead to race condition and channel<br>is being destroyed from two different places . The check ensures we<br>check it not to be NULL before freeing it .<br><br>ASTERISK-25371<br><br>Change-Id: I19f6566830640625e08f7b87bfe15758ad33a778<br>---<br>M channels/chan_pjsip.c<br>1 file changed, 19 insertions(+), 11 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/44/11444/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/channels/chan_pjsip.c b/channels/chan_pjsip.c</span><br><span>index 8508631..66383d6 100644</span><br><span>--- a/channels/chan_pjsip.c</span><br><span>+++ b/channels/chan_pjsip.c</span><br><span>@@ -2342,18 +2342,26 @@</span><br><span> struct hangup_data *h_data = data;</span><br><span> struct ast_channel *ast = h_data->chan;</span><br><span> struct ast_sip_channel_pvt *channel = ast_channel_tech_pvt(ast);</span><br><span style="color: hsl(0, 100%, 40%);">- struct ast_sip_session *session = channel->session;</span><br><span style="color: hsl(0, 100%, 40%);">- int cause = h_data->cause;</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Before cleaning we have to ensure that channel or its session is not NULL</span><br><span style="color: hsl(120, 100%, 40%);">+ * we have seen rare case when taskprocessor calls hangup but channel is NULL</span><br><span style="color: hsl(120, 100%, 40%);">+ * due to SIP session timeout and answer happening at the same time </span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+ if(channel != NULL){</span><br><span style="color: hsl(120, 100%, 40%);">+ struct ast_sip_session *session = channel->session;</span><br><span style="color: hsl(120, 100%, 40%);">+ if(session != NULL){</span><br><span style="color: hsl(120, 100%, 40%);">+ int cause = h_data->cause;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- /*</span><br><span style="color: hsl(0, 100%, 40%);">- * It's possible that session_terminate might cause the session to be destroyed</span><br><span style="color: hsl(0, 100%, 40%);">- * immediately so we need to keep a reference to it so we can NULL session->channel</span><br><span style="color: hsl(0, 100%, 40%);">- * afterwards.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">- ast_sip_session_terminate(ao2_bump(session), cause);</span><br><span style="color: hsl(0, 100%, 40%);">- clear_session_and_channel(session, ast);</span><br><span style="color: hsl(0, 100%, 40%);">- ao2_cleanup(session);</span><br><span style="color: hsl(0, 100%, 40%);">- ao2_cleanup(channel);</span><br><span style="color: hsl(120, 100%, 40%);">+ /*</span><br><span style="color: hsl(120, 100%, 40%);">+ * It's possible that session_terminate might cause the session to be destroyed</span><br><span style="color: hsl(120, 100%, 40%);">+ * immediately so we need to keep a reference to it so we can NULL session->channel</span><br><span style="color: hsl(120, 100%, 40%);">+ * afterwards.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_sip_session_terminate(ao2_bump(session), cause);</span><br><span style="color: hsl(120, 100%, 40%);">+ clear_session_and_channel(session, ast);</span><br><span style="color: hsl(120, 100%, 40%);">+ ao2_cleanup(session);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ ao2_cleanup(channel);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span> ao2_cleanup(h_data);</span><br><span> return 0;</span><br><span> }</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/11444">change 11444</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/11444"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 16 </div>
<div style="display:none"> Gerrit-Change-Id: I19f6566830640625e08f7b87bfe15758ad33a778 </div>
<div style="display:none"> Gerrit-Change-Number: 11444 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Abhay Gupta <abhay@avissol.com> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>