From: Richard Mudgett Date: Mon, 29 Oct 2012 15:51:24 +0000 (+0000) Subject: chan_dahdi: Fix segfault dereferencing a NULL tech_pvt. X-Git-Tag: 10.11.0-rc1~24 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=800c760294dd6fac789eaaa3c3dbb59e9456ce55;p=thirdparty%2Fasterisk.git chan_dahdi: Fix segfault dereferencing a NULL tech_pvt. The tech support customer was using the AMI Redirect action shortly after a call was placed. While the channel tried to do an ast_read(), the masquerade resulting from the channel redirect took place. The masquerade in the middle of the ast_read() resulted in the segfault. (closes issue AST-1025) Reported by: Trey Blancher Patches: jira_ast_1025_v1.8_v2.patch (license #5621) patch uploaded by rmudgett ........ Merged revisions 375361 from http://svn.asterisk.org/svn/asterisk/branches/1.8 git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/10@375362 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c index 04b173ed3e..ebf4eb7dda 100644 --- a/channels/chan_dahdi.c +++ b/channels/chan_dahdi.c @@ -9014,11 +9014,20 @@ static struct ast_frame *dahdi_read(struct ast_channel *ast) CHANNEL_DEADLOCK_AVOIDANCE(ast); /* - * For PRI channels, we must refresh the private pointer because - * the call could move to another B channel while the Asterisk - * channel is unlocked. + * Check to see if the channel is still associated with the same + * private structure. While the Asterisk channel was unlocked + * the following events may have occured: + * + * 1) A masquerade may have associated the channel with another + * technology or private structure. + * + * 2) For PRI calls, call signaling could change the channel + * association to another B channel (private structure). */ - p = ast->tech_pvt; + if (ast->tech_pvt != p) { + /* The channel is no longer associated. Quit gracefully. */ + return &ast_null_frame; + } } idx = dahdi_get_index(ast, p, 0);