Project

General

Profile

Bug #4496

SCCP segfault when local and remote end hangup call at the same time

Added by Etienne Lessard about 5 years ago. Updated almost 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
SCCP
Target version:
Security issue:
No
In versions:
<= 13.12
Read documentation?:

Description

Given I have an SCCP phone
Given this phone is in communication with someone else
When the SCCP phone hangup at the same time as the other phone
Then asterisk might segfault

There is a race condition between the "pbx_thread" of the call and the "thread_session" of the SCCP phone.

To easily reproduce this problem, add a "sleep(1)" in the "do_hangup" function, just after the "if (subchan->channel)" condition.

History

#1 Updated by Anonymous almost 5 years ago

  • Target version set to 13.23

#2 Updated by Etienne Lessard almost 5 years ago

  • Target version deleted (13.23)

#3 Updated by Anonymous almost 5 years ago

  • Target version set to 13.25

#4 Updated by Etienne Lessard almost 5 years ago

You can also produce a similar segfault by adding a sleep before the if condition, which will result in free being called twice for the same subchan...

#5 Updated by Pascal Cadotte-Michaud almost 5 years ago

  • Status changed from New to Code review

#6 Updated by Pascal Cadotte-Michaud almost 5 years ago

  • Status changed from Code review to Resolved
  • Resolution set to Fixed

Also available in: Atom PDF