Summary:ASTERISK-23605: res_http_websocket: Race condition in shutting down websocket causes crash
Reporter:Matt Jordan (mjordan)Labels:
Date Opened:2014-04-09 11:04:53Date Closed:2014-04-30 08:07:59
Versions:12.1.1 Frequency of
Environment:Attachments:( 0) ws_backtrace.txt
Description:Note that this crash would also most likely occur in Asterisk 11.

The crash occurs when a call to write to the websocket (via {{fwrite}}) is passed a NULL {{FILE *}}. We would typically only end up in that situation when we had previously shutdown the websocket and set {{session->f}} pointer to NULL.

The core file shows this being the case as well:

284        if (fwrite(frame, 1, header_size, session->f) != header_size) {
(gdb) p frame
$1 = <value optimized out>
(gdb) p session->f
$2 = (FILE *) 0x0

Backtrace is attached.
Comments:By: Kinsey Moore (kmoore) 2014-04-30 08:08:00.037-0500

Committed to 11, 12, and trunk.