| Summary: | ASTERISK-15302: Asterisk crashes on dtmf detection on channel with 2 bluetooth cellphone | ||
| Reporter: | Zoltan Arvai (azbest) | Labels: | |
| Date Opened: | 2009-12-11 08:04:01.000-0600 | Date Closed: | 2010-07-01 07:57:17 |
| Priority: | Critical | Regression? | No |
| Status: | Closed/Complete | Components: | Addons/chan_mobile |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) bt_full.txt ( 1) bt.txt ( 2) cli.txt ( 3) thread_apply_all_bt.txt ( 4) valgrind-log.txt | |
| Description: | When 2 cellular phones connected to a channel dtmf signals will make asterisk to crash: double free. sip->gsm and gsm->sip connection works fine, but gsm->gsm connection is problematic. Removing these lines from chan_mobile.c will prevent crashing, but dtmf detection is tured off: 4014 ast_dsp_set_features(pvt->dsp, DSP_FEATURE_DIGIT_DETECT); 4015 ast_dsp_set_digitmode(pvt->dsp, DSP_DIGITMODE_DTMF | DSP_DIGITMODE_RELAXDTMF); _My guess_ is that asterisk dsp detects the same dtmf signal on input and output side too and uses the same memory area to store informations about that. Finally it tries to free this memory area twice. ****** ADDITIONAL INFORMATION ****** extensions.conf: exten => s,1,Wait(2) exten => s,2,Answer(2) exten => s,3,MixMonitor(soundtest.wav) exten => s,4,Dial(Mobile/g1/0670*******,45) exten => s,5,Hangup() asterisk 1.6.2 rev 234259 asterisk-addons 1.6.2 rev 1074 Notice: chan_mobile.c one line deleted, because withouth this modification, bluetooth drops Nokia phones after hangup (mbl_hangup function): 950 close(pvt->sco_socket); Problem occures with http://svnview.digium.com/svn/asterisk/trunk/ version (234256) too. Tested with Ubuntu 9.10 32bit and Fedora 11 32 bit. | ||
| Comments: | By: Zoltan Arvai (azbest) 2009-12-18 15:18:31.000-0600 uploaded valgrind log ... ==5775== Invalid free() / delete / delete[] ==5775== at 0x4024836: free (vg_replace_malloc.c:325) ==5775== by 0x80DDA38: ast_frame_free (frame.c:368) ==5775== by 0x814E2E3: ast_slinfactory_read (slinfactory.c:182) ==5775== by 0x80817BD: audiohook_read_frame_both (audiohook.c:252) ==5775== by 0x8081B96: ast_audiohook_read_frame (audiohook.c:299) ... By: Zoltan Arvai (azbest) 2010-01-05 06:13:09.000-0600 We found out that line 1090 of chan_mobile.c seems to be unnecessary. This line frees up a frame that freed up in channel.c (ast_bridge_result ast_generic_bridge) too. After removing this line, no more crash occures on dtmf tone. Is that correct? static int mbl_write(struct ast_channel *ast, struct ast_frame *frame) { struct mbl_pvt *pvt = ast->tech_pvt; struct ast_frame *f; ast_debug(3, "*** mbl_write\n"); if (frame->frametype != AST_FRAME_VOICE) { return 0; } while (ast_mutex_trylock(&pvt->lock)) { CHANNEL_DEADLOCK_AVOIDANCE(ast); } ast_smoother_feed(pvt->smoother, frame); while ((f = ast_smoother_read(pvt->smoother))) { sco_write(pvt->sco_socket, f->data.ptr, f->datalen); // ast_frfree(f); } ast_mutex_unlock(&pvt->lock); return 0; } By: Matthew Nicholson (mnicholson) 2010-07-01 07:54:45 I think you are correct. By: Digium Subversion (svnbot) 2010-07-01 07:56:39 Repository: asterisk-addons Revision: 1124 U branches/1.6.2/channels/chan_mobile.c ------------------------------------------------------------------------ r1124 | mnicholson | 2010-07-01 07:56:38 -0500 (Thu, 01 Jul 2010) | 7 lines Don't free written frames in chan_mobile's mbl_write() function. (closes issue ASTERISK-15302) Reported by: azbest Tested by: azbest ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk-addons?view=rev&revision=1124 By: Digium Subversion (svnbot) 2010-07-01 07:57:17 Repository: asterisk Revision: 273312 U trunk/addons/chan_mobile.c ------------------------------------------------------------------------ r273312 | mnicholson | 2010-07-01 07:57:17 -0500 (Thu, 01 Jul 2010) | 7 lines Don't free written frames in chan_mobile's mbl_write() function. (closes issue ASTERISK-15302) Reported by: azbest Tested by: azbest ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=273312 | ||