ASTERISK-30492: app_queue periodic-announce-startdelay patch derefferences null qe.parent pointer.

[Home]

Summary: ASTERISK-30492: app_queue periodic-announce-startdelay patch derefferences null qe.parent pointer.

Reporter: Jonathan Rose (JonathanRRose) Labels:

Date Opened: 2023-04-11 17:55:45 Date Closed:

Priority: Major Regression? Yes

Status: In Progress/In Progress Components: Applications/app_queue

Versions: GIT Frequency of
Occurrence Constant

Related
Issues:

Environment: RHEL 8 (for clang-tidy), Ubuntu 22.04 (for manual test), but really this is universal anyway. Attachments:

Description: https://issues.asterisk.org/jira/browse/ASTERISK-30437

Clang Tidy reported this patch with 'warning: Dereference of null pointer' -- that prompted me to look into the change further and that left me wondering whether or not this patch was actually tested before it was committed.

Per my comment, https://github.com/asterisk/asterisk/blob/edd7f1b0605e2840b2e21bf45afa67950dd3f9fe/apps/app_queue.c#L8529 -- at this point, qe.parent will unconditionally be null since it is qe is initialized via:

{code}
struct queue_ent qe = { 0 };
{code}

From here you have some individual members of qe being set, but qe.parent isn't set at any point until after we enter the queue_join function. Presumably at this point qe.parent is going to be a null pointer, and we can't use that to get the periodicannouncestartdelay without causing a segfault.

My testing confirms that running the Queue dialplan application now pretty much unconditionally causes a segfault.

As far as I can tell, this is the *only* place that periodicannouncestartdelay is consumed, hence my comment about this seeming to be code that was committed without any kind of testing. There's no way it ever could have worked.

{code}
queue_exec (chan=0x555555f57c00, data=0x7fffa85999b0 "testqueue") at app_queue.c:8530
8530 if (qe.parent->periodicannouncestartdelay >= 0) {
(gdb) bt
#0 queue_exec (chan=0x555555f57c00, data=0x7fffa85999b0 "testqueue") at app_queue.c:8530
#1 0x00005555556e25e3 in pbx_exec (c=0x555555f57c00, app=0x555555f07990, data=0x7fffa85999b0 "testqueue") at pbx_app.c:492
{code}

I don't understand why this wasn't already caught by continuous integration since I would presume that this will cause the asterisk testsuite to fail on any of the queue tests. My insight into how CI is ran in relation to pull requests isn't quite what it used to be admittedly.

Comments: By: Asterisk Team (asteriskteam) 2023-04-11 17:55:48.505-0500

The severity of this issue has been automatically downgraded from "Blocker" to "Major". The "Blocker" severity is reserved for issues which have been determined to block the next release of Asterisk. This severity can only be set by privileged users. If this issue is deemed to block the next release it will be updated accordingly during the triage process.
By: Asterisk Team (asteriskteam) 2023-04-11 17:55:49.133-0500

WARNING

JIRA will be going read-only at the end of April, 2023. We will be starting fresh on Github at https://github.com/asterisk/asterisk at that time. No issues or patches will be copied to Github. If you file an issue on JIRA at this time you will need to recreate it on Github after this date. The same applies if you have a patch.

WARNING

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. Please note that log messages and other files should not be sent to the Sangoma Asterisk Team unless explicitly asked for. All files should be placed on this issue in a sanitized fashion as needed.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur.

Please note that by submitting data, code, or documentation to Sangoma through JIRA, you accept the Terms of Use present at [https://www.asterisk.org/terms-of-use/|https://www.asterisk.org/terms-of-use/].
By: Joshua C. Colp (jcolp) 2023-04-11 18:35:27.814-0500

[~jkroon] If you aren't going to be looking at this, I will revert the change in question before the next set of releases.
By: Joshua C. Colp (jcolp) 2023-04-11 18:38:17.977-0500

I have also already created the reverts - so we may just go ahead and merge those in sooner due to the severity of this.
By: Jaco Kroon (jkroon) 2023-04-12 03:54:51.038-0500

Yea, please revert for now, I'll have to rework the original patch, and that includes figuring out the new code submission process too. The posted is correct, this was not tested properly. Which is my bad.

Honestly it just looks like the code at lines 8529 through 8532 needs to move down to after the ast_assert currently at line 8540 (ie, after the queue_join).

I'll do that now quick, but won't be in a position to perform a proper test until May in all likelyhood.
By: Joshua C. Colp (jcolp) 2023-04-12 03:57:10.711-0500

I'm reverting for now.
By: Joshua C. Colp (jcolp) 2023-04-12 03:57:56.858-0500

I'll assign this to you though.