Summary: | ASTERISK-10798: [patch] Asterisk segfaults while doing a 'module reload'. | ||
Reporter: | Eliel Sardanons (eliel) | Labels: | |
Date Opened: | 2007-11-18 15:13:12.000-0600 | Date Closed: | 2007-11-21 17:51:51.000-0600 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Core/PBX |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) main.pbx.patch ( 1) res_features.c.patch | |
Description: | While doing a 'module reload res_features.so' asterisk crash. Also while doing a 'module unload res_features.so' and then a 'dialplan show parkedcalls' ****** ADDITIONAL INFORMATION ****** The problem is that peer->peer is NULL and also peer->next so next_node becomes null too. Also there is a typo with an assigment. | ||
Comments: | By: Eliel Sardanons (eliel) 2007-11-18 15:14:33.000-0600 This bug appears in: http://svn.digium.com/view/asterisk/trunk/main/pbx.c?r1=89346&r2=89388 By: Eliel Sardanons (eliel) 2007-11-18 17:07:25.000-0600 I have found that the crash while doing 'module unload res_features.so' is because while doing a ast_context_create() the registrar parameter is static memory and while doing a module unload we lost the reference. The problem can be solved destroying every created context while doing a module unload like I have done with res_features.c but we have the same problem with other modules like app_dial, etc, every module that creates a context and doesn't destroy it while unloading. To solve the crash I make a copy of the 'registrar' to prevent this conditions, or we could leave the registrar as is, and check every app/res/pbx/etc that creates a context and put code to destroy it while unloading. By: Eliel Sardanons (eliel) 2007-11-18 17:11:21.000-0600 Use patch res_features if you don't like the ast_strdup(registrar) solution, or use main.pbx.patch to do a ast_strdup() and prevent a crash if a module is unloaded and a dialplan show is executed (or other command or function that uses the ast_get_context_registrar()); By: Steve Murphy (murf) 2007-11-21 17:28:59.000-0600 OK, it looks like my work on 11290 fixed the first half of this bug, the reloading of res_features. I'm about to close this bug for the other half... By: Digium Subversion (svnbot) 2007-11-21 17:51:51.000-0600 Repository: asterisk Revision: 89513 U trunk/apps/app_dial.c U trunk/apps/app_queue.c U trunk/channels/chan_iax2.c U trunk/channels/chan_sip.c U trunk/channels/chan_skinny.c U trunk/res/res_features.c ------------------------------------------------------------------------ r89513 | murf | 2007-11-21 17:51:50 -0600 (Wed, 21 Nov 2007) | 1 line closes issue ASTERISK-10798, where an unload of a module that creates a dialplan context, causes a crash when you do a 'dialplan show' of that context. This is because the registrar string is defined in the module, and the stale pointer is traversed. The reporter offered a patch that would always strdup the registrar string, which is practical, but I preferred to destroy the created contexts in each module where one is created. That seemed more symmetric. There were only 6 place in asterisk where this is done: chan_sip, chan_iax2, chan_skinny, res_features, app_dial, and app_queue. The two apps destroyed the context, but left the contexts. All is fixed now and unloads should be dialplan friendly. ------------------------------------------------------------------------ |