From 26d50bd98685dbaf8b8e472d338076a15d39179f Mon Sep 17 00:00:00 2001
From: Matthew Jordan
Date: Fri, 5 Sep 2014 21:53:35 +0000
Subject: [PATCH] main/cdr: Fix crash/memory consumption in CDRs in multi-party bridge scenarios

This patch fixes an issue where CDRs would get stuck generating an infinite number of CDRs, eventually crashing Asterisk (and consuming a lot of memory along the way).

When a channel enters into a multi-party bridge, the CDR engine creates mappings of each participant to each other participant, picking the 'A' party as it goes. So, if we have four channels in a multi-party bridge (Alice, Bob, Charlie, Denise), we would have something like:

Alice => Bob
Alice => Charlie
Alice => Denise
Bob => Charlie
Bob => Denise
Charlie => Denise

This works fine when participants enter the bridge a single time. When a participant leaves a bridge, the CDRs for that channel are transitioned to a finalized state.

The bug occurs if Bob rejoins. When the CDR engine creates mappings between the channels, it walks through all the participants currently in the bridge, and realizes that no one in the bridge can create a CDR with the channel (Bob). As such it creates a new CDR for the candidate and appends it to that candidate's chain. Unfortunately, on this particular code path, it doesn't stop traversing the candidate's chain. Since we just added ourselves to the chain, this causes the loop to keep going, constantly adding new CDRs.

This patch makes it so the engine bails when it creates a CDR match in this case.

Review: https://reviewboard.asterisk.org/r/3964/

ASTERISK-24241 #close
Reported by: Deepak Singh Rawat
Tested by: Deepak Singh Rawat

ASTERISK-24208
Reported by: Frankie Chin

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/12@422715 65c4cc65-6c06-0410-ace0-fbb531ad65f3

--- main/cdr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/main/cdr.c b/main/cdr.c index 17fa8a25fa..1eb2e54698 100644 --- a/main/cdr.c +++ b/main/cdr.c 
@@ -2322,6 +2322,7 @@ static int bridge_candidate_process(struct cdr_object *cdr, struct cdr_object *b */ memset(&cand_cdr->end, 0, sizeof(cand_cdr->end)); } + return 0; } return 0; } -- 2.47.2
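Review bot: The added `return 0;` in bridge_candidate_process(), just after the block that clears `cand_cdr->end`, is the only thing that stops the unbounded CDR creation, yet nothing in the code says so. A one-line comment above it would help, for example that a new CDR has just been appended to the candidate's chain and continuing the traversal would visit that new entry and append again. Without it, the statement looks redundant next to the function's final `return 0;` two lines below and is an easy target for a later cleanup that would reintroduce the memory exhaustion and crash. Both exits also return the same value, so the caller cannot tell "created a CDR and stopped" from "walked the whole chain"; if that distinction is intentionally irrelevant, the comment is a good place to state it.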