From: Russell Bryant Date: Tue, 13 Jul 2010 16:55:22 +0000 (+0000) Subject: Merged revisions 275995 via svnmerge from X-Git-Tag: 1.6.2.11-rc1~33 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=035340763454a814921a12ca8c57726d7d587bce;p=thirdparty%2Fasterisk.git Merged revisions 275995 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r275995 | russell | 2010-07-13 11:53:44 -0500 (Tue, 13 Jul 2010) | 21 lines Merged revisions 275994 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r275994 | russell | 2010-07-13 11:51:18 -0500 (Tue, 13 Jul 2010) | 14 lines Access peer->cdr directly instead of through a saved off reference. At this point in the code, it is possible that peer_cdr may be invalid. Specifically, in the blind transfer code, CDRs are swapped between channels. So, peer_cdr is no longer == peer->cdr. The scenario that exposed a crash in this code was a blind transfer that hit the system call limit, causing the transferee channel to get destroyed after the transfer attempt failed. Even if it succeeds and this code doesn't crash, this code was still trying to reset a CDR on a channel that was now owned by a different thread, which is a BadThing(tm). (ABE-2417) ........ ................ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.2@275996 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/main/features.c b/main/features.c index a054b9e904..b205c26244 100644 --- a/main/features.c +++ b/main/features.c @@ -2945,7 +2945,7 @@ int ast_bridge_call(struct ast_channel *chan,struct ast_channel *peer,struct ast /* new channel */ ast_cdr_specialized_reset(new_chan_cdr,0); } else { - ast_cdr_specialized_reset(chan_cdr,0); /* nothing changed, reset the chan_cdr */ + ast_cdr_specialized_reset(chan->cdr,0); /* nothing changed, reset the chan cdr */ } }