Summary: ASTERISK-10798: [patch] Asterisk segfaults while doing a 'module reload'.
Reporter: Eliel Sardanons (eliel)
Labels:
Date Opened: 2007-11-18 15:13:12.000-0600
Date Closed: 2007-11-21 17:51:51.000-0600
Versions:
Frequency of
Environment:
Attachments: ( 0) main.pbx.patch
( 1) res_features.c.patch
Description: While doing a 'module reload res_features.so', Asterisk crashes.
Also while doing a 'module unload res_features.so' and then a 'dialplan show parkedcalls'.

The problem is that peer->peer is NULL and also peer->next, so next_node becomes NULL too.
Also there is a typo with an assignment.

Comments:

By: Eliel Sardanons (eliel) 2007-11-18 15:14:33.000-0600

This bug appears in:

By: Eliel Sardanons (eliel) 2007-11-18 17:07:25.000-0600

I have found that the crash while doing 'module unload res_features.so' is because while doing an ast_context_create() the registrar parameter is static memory, and while doing a module unload we lose the reference.
The problem can be solved by destroying every created context while doing a module unload, like I have done with res_features.c, but we have the same problem with other modules like app_dial, etc.: every module that creates a context and doesn't destroy it while unloading.
To solve the crash I make a copy of the 'registrar' to prevent these conditions, or we could leave the registrar as is and check every app/res/pbx/etc. that creates a context and put code in to destroy it while unloading.

By: Eliel Sardanons (eliel) 2007-11-18 17:11:21.000-0600

Use the res_features patch if you don't like the ast_strdup(registrar) solution, or use main.pbx.patch to do an ast_strdup() and prevent a crash if a module is unloaded and a 'dialplan show' is executed (or any other command or function that uses ast_get_context_registrar()).

By: Steve Murphy (murf) 2007-11-21 17:28:59.000-0600

OK, it looks like my work on 11290 fixed the first half of this bug, the reloading of res_features. I'm about to close this bug for the other half...

By: Digium Subversion (svnbot) 2007-11-21 17:51:51.000-0600

Repository: asterisk
Revision: 89513

U   trunk/apps/app_dial.c
U   trunk/apps/app_queue.c
U   trunk/channels/chan_iax2.c
U   trunk/channels/chan_sip.c
U   trunk/channels/chan_skinny.c
U   trunk/res/res_features.c

r89513 | murf | 2007-11-21 17:51:50 -0600 (Wed, 21 Nov 2007) | 1 line

closes issue ASTERISK-10798, where an unload of a module that creates a dialplan context causes a crash when you do a 'dialplan show' of that context. This is because the registrar string is defined in the module, and the stale pointer is traversed. The reporter offered a patch that would always strdup the registrar string, which is practical, but I preferred to destroy the created contexts in each module where one is created. That seemed more symmetric. There were only 6 places in asterisk where this is done: chan_sip, chan_iax2, chan_skinny, res_features, app_dial, and app_queue. The two apps destroyed the context, but left the contexts. All is fixed now and unloads should be dialplan friendly.