| Summary: | ASTERISK-14411: [patch] Crash when performing directed pickup | ||
| Reporter: | Laurent Steffan (lmsteffan) | Labels: | |
| Date Opened: | 2009-07-02 01:07:54 | Date Closed: | 2009-07-22 09:36:59 |
| Priority: | Blocker | Regression? | No |
| Status: | Closed/Complete | Components: | Channels/chan_sip/General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) 15441.patch ( 1) debug3.txt ( 2) gdb.txt | |
| Description: | I am having several kinds of crashes - random but frequent - when hanging up a phone after having performed a directed pickup through a SIP INVITE with replace. I have - without much success yet - tried to identify the source of these errors. I include herein one backtrace obtained after such a crash. ****** ADDITIONAL INFORMATION ****** Due to another bug (ASTERISK-14410) I am not able to use a more recent SVN version to reproduce the behaviour. This bug however has been present for quite some time (at least several weeks). | ||
| Comments: | By: Tilghman Lesher (tilghman) 2009-07-14 17:43:48 In this gdb session, I'd like to see the output of the following commands: p *as p *bs By: Mark Michelson (mmichelson) 2009-07-20 18:18:16 I have reproduced this issue locally, although I did not use the INVITE with replace method. I just called app_directed_pickup directly with the dialplan. I'm going to run with valgrind to try to see what's going wrong. By: Laurent Steffan (lmsteffan) 2009-07-20 22:15:06 I have just managed to get the information requested. The values are : - for *as : $26 = {list = {next = 0x0}, id = 98, when = {tv_sec = 0, tv_usec = 0}, resched = 0, variable = 0, data = 0x0, callback = 0, __heap_index = 0} - for *bs I get the message : Cannot access memory at address 0x0 These values do not come from the same session but from a similar one, for which I include the traces (debug3.txt). I'll keep that session in case you require more information. By: Mark Michelson (mmichelson) 2009-07-21 10:47:53 I have uploaded a candidate patch for testing, 15441.patch. Please see if this fixes the problem. Thank you! By: Laurent Steffan (lmsteffan) 2009-07-21 21:58:34 The patch does solve the problem. I made 50 pickups without a hitch where the unpatched code crashed every 3 or four pickups. Thanks a lot !!! By: Digium Subversion (svnbot) 2009-07-22 09:35:54 Repository: asterisk Revision: 208017 U trunk/apps/app_directed_pickup.c ------------------------------------------------------------------------ r208017 | mmichelson | 2009-07-22 09:35:53 -0500 (Wed, 22 Jul 2009) | 12 lines Fix the crash in directed pickups. For real this time. A shallow pointer copy was causing an ast_party_connected_line structure to be freed multiple times, thus causing a crash. (closes issue ASTERISK-14411) Reported by: lmsteffan Patches: 15441.patch uploaded by mmichelson (license 60) Tested by: lmsteffan ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=208017 By: Digium Subversion (svnbot) 2009-07-22 09:36:58 Repository: asterisk Revision: 208019 _U branches/1.6.2/ ------------------------------------------------------------------------ r208019 | mmichelson | 2009-07-22 09:36:58 -0500 (Wed, 22 Jul 2009) | 17 lines Blocked revisions 208017 via svnmerge ........ r208017 | mmichelson | 2009-07-22 09:35:01 -0500 (Wed, 22 Jul 2009) | 12 lines Fix the crash in directed pickups. For real this time. A shallow pointer copy was causing an ast_party_connected_line structure to be freed multiple times, thus causing a crash. (closes issue ASTERISK-14411) Reported by: lmsteffan Patches: 15441.patch uploaded by mmichelson (license 60) Tested by: lmsteffan ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=208019 | ||