git.ipfire.org Git - thirdparty/asterisk.git/commit

author	Richard Mudgett <rmudgett@digium.com>
	Thu, 12 Sep 2013 16:44:34 +0000 (16:44 +0000)
committer	Richard Mudgett <rmudgett@digium.com>
	Thu, 12 Sep 2013 16:44:34 +0000 (16:44 +0000)
commit	5be186d7c5003a7a90a0db83df6f0ecc59d6c77e
tree	d2884a48b75e8068fa8d928fffc40e9a8bc73618	tree \| snapshot
parent	6ad74509f3b54384430b06c1755ccadfbda22246	commit \| diff

core_local: Fix memory corruption race condition.

The masquerade super test is failing on v12 with high fence violations and
crashing.  The fence violations are showing that party id allocated memory
strings are somehow getting corrupted in the
bridge_reconfigured_connected_line_update() function.  The invalid string
values happen to be the freed memory fill pattern.

After much puzzling, I deduced that the
bridge_reconfigured_connected_line_update() is copying a string out of the
source channel's caller party id struct just as another thread is updating
it with a new value.  The copying thread is using the old string pointer
being freed by the updating thread.  A search of the code found the
unreal_colp_redirect_indicate() routine updating the caller party id's
without holding the channel lock.

A latent bug in v1.8 and v11 hatched in v12 because of the bridging and
connected line changes.  :)

(issue ASTERISK-22221)
Reported by: Matt Jordan

Review: https://reviewboard.asterisk.org/r/2839/
........

Merged revisions 398938 from http://svn.asterisk.org/svn/asterisk/branches/12

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@398939 65c4cc65-6c06-0410-ace0-fbb531ad65f3