Summary:	ASTERISK-11248: Asterisk crashes due to non-atomic check on chan_iax.c:schedule_delivery
Reporter:	Guillermo Winkler (guillecabeza)	Labels:
Date Opened:	2008-01-16 15:54:30.000-0600	Date Closed:	2008-02-15 17:28:57.000-0600
Priority:	Critical	Regression?	No
Status:	Closed/Complete	Components:	Channels/chan_iax2
Versions:		Frequency of Occurrence
Related Issues:
Environment:		Attachments:	( 0) bug_iax2_jb_1.4.patch ( 1) bug_iax2_jb_trunk.patch
Description:	It may happen on hangup or if the user press a digit during the call(bridge is temporarily on NULL) that this condition may be true for the first check and false on the second one. ast_bridged_channel(iaxs[fr->callno]->owner) &&    (ast_bridged_channel(iaxs[fr->callno]->owner)->tech->properties Bringing asterisk down. ****** ADDITIONAL INFORMATION ****** thread 1: (gdb) bt #0  0x00afe197 in schedule_delivery (fr=0xa7c2e798, updatehistory=Variable "updatehistory" is not available. ) at chan_iax2.c:2425 #1  0x00b0d53d in socket_read (id=0x8b7b1c0, fd=260, events=1, cbdata=0x8b7bab8) at chan_iax2.c:7741 #2  0x08055bef in ast_io_wait (ioc=0x8b79ca0, howlong=0) at io.c:284 #3  0x00b04f0f in network_thread (ignore=0x0) at chan_iax2.c:8110 #4  0x0075e371 in start_thread () from /lib/tls/libpthread.so.0 ASTERISK-1  0x00676ffe in clone () from /lib/tls/libc.so.6 (gdb) print iaxs[fr->callno]->owner $3 = (struct ast_channel *) 0x927c708 (gdb) print iaxs[fr->callno]->owner->_bridge $4 = (struct ast_channel *) 0x0 thread 2: (gdb) bt #0  0x0075fdf7 in pthread_mutex_lock () from /lib/tls/libpthread.so.0 #1  0x08055fe1 in sched_context_destroy (con=0x8bb81a0) at lock.h:601 #2  0x0806816e in ast_hangup (chan=0x927c708) at channel.c:1355
Comments:	By: Guillermo Winkler (guillecabeza) 2008-01-16 15:58:15.000-0600 Disclaimer was already sent signed by fax long ago. By: Mark Michelson (mmichelson) 2008-01-16 16:41:37.000-0600 In July of last year we changed the license agreement for contributions and moved the license to an on-line format. Since the license agreement has changed, even if you had a disclaimer on file before the change, any new code submissions need to be properly licensed via the new license. Sorry for the inconvenience. By: Guillermo Winkler (guillecabeza) 2008-02-13 16:49:51.000-0600 There is one parenthesis missing in the condition on the patch files I uploaded, it should read if( (!ast_test_flag(iaxs[fr->callno], IAX_FORCEJITTERBUF)) && owner && bridge && (bridge->tech->properties & AST_CHAN_TP_WANTSJITTER)) { I may update the patches if and when someone takes a look at the problem. By: Digium Subversion (svnbot) 2008-02-15 17:28:17.000-0600 Repository: asterisk Revision: 103741 U   branches/1.4/channels/chan_iax2.c ------------------------------------------------------------------------ r103741 | russell | 2008-02-15 17:28:17 -0600 (Fri, 15 Feb 2008) | 8 lines Fix a crash in chan_iax2 due to a race condition (closes issue ASTERISK-11248) Reported by: guillecabeza Patches:      bug_iax2_jb_1.4.patch uploaded by guillecabeza (license 380)      bug_iax2_jb_trunk.patch uploaded by guillecabeza (license 380) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=103741 By: Digium Subversion (svnbot) 2008-02-15 17:28:57.000-0600 Repository: asterisk Revision: 103742 _U  trunk/ U   trunk/channels/chan_iax2.c ------------------------------------------------------------------------ r103742 | russell | 2008-02-15 17:28:57 -0600 (Fri, 15 Feb 2008) | 16 lines Merged revisions 103741 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r103741 | russell | 2008-02-15 17:31:39 -0600 (Fri, 15 Feb 2008) | 8 lines Fix a crash in chan_iax2 due to a race condition (closes issue ASTERISK-11248) Reported by: guillecabeza Patches:      bug_iax2_jb_1.4.patch uploaded by guillecabeza (license 380)      bug_iax2_jb_trunk.patch uploaded by guillecabeza (license 380) ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=103742