diff options
| author | mmichelson <mmichelson@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-01-15 00:11:01 +0000 |
|---|---|---|
| committer | mmichelson <mmichelson@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-01-15 00:11:01 +0000 |
| commit | fc080fca0650c97e8adeb2b6fdf4fed21dc524fc (patch) | |
| tree | 5762ef0e762a80cfc92cfa4e010aaf2a10ee438b | |
| parent | 5f59a57394658e8f81d3ff853e4163c19617394f (diff) | |
Fix some crashes from bad datastore handling in app_queue.c
* The queue_transfer_fixup function was searching for and removing
the datastore from the incorrect channel, so this was fixed.
* Most datastore operations regarding the queue_transfer datastore
were being done without the channel locked, so proper channel locking
was added, too.
(closes issue #14086)
Reported by: ZX81
Patches:
14086v2.patch uploaded by putnopvut (license 60)
Tested by: ZX81, festr
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@168628 f38db490-d61c-443f-a65b-d21fe96a405b
| -rw-r--r-- | apps/app_queue.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/apps/app_queue.c b/apps/app_queue.c index 25be3e4fc..474ba9d88 100644 --- a/apps/app_queue.c +++ b/apps/app_queue.c @@ -2620,8 +2620,9 @@ static void queue_transfer_fixup(void *data, struct ast_channel *old_chan, struc update_queue(qe->parent, member, callcompletedinsl); - if ((datastore = ast_channel_datastore_find(new_chan, &queue_transfer_info, NULL))) { - ast_channel_datastore_remove(new_chan, datastore); + /* No need to lock the channels because they are already locked in ast_do_masquerade */ + if ((datastore = ast_channel_datastore_find(old_chan, &queue_transfer_info, NULL))) { + ast_channel_datastore_remove(old_chan, datastore); } else { ast_log(LOG_WARNING, "Can't find the queue_transfer datastore.\n"); } @@ -2632,6 +2633,8 @@ static void queue_transfer_fixup(void *data, struct ast_channel *old_chan, struc * When a caller is atxferred, then the queue_transfer_info datastore * is removed from the channel. If it's still there after the bridge is * broken, then the caller was not atxferred. + * + * \note Only call this with chan locked */ static int attended_transfer_occurred(struct ast_channel *chan) { @@ -2906,9 +2909,11 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce * to which the datastore was moved hangs up, it will attempt to free this * datastore again, causing a crash */ + ast_channel_lock(qe->chan); if (datastore && !ast_channel_datastore_remove(qe->chan, datastore)) { ast_channel_datastore_free(datastore); } + ast_channel_unlock(qe->chan); ast_mutex_lock(&qe->parent->lock); if (qe->parent->strategy == QUEUE_STRATEGY_RRMEMORY) { store_next(qe, outgoing); @@ -3155,6 +3160,7 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce transfer_ds = setup_transfer_datastore(qe, member, callstart, callcompletedinsl); bridge = ast_bridge_call(qe->chan,peer, &bridge_config); + ast_channel_lock(qe->chan); if (!attended_transfer_occurred(qe->chan)) { struct ast_datastore *tds; if (strcasecmp(oldcontext, qe->chan->context) || strcasecmp(oldexten, qe->chan->exten)) { @@ -3195,17 +3201,16 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce (long)(time(NULL) - callstart), qe->parent->eventwhencalled == QUEUE_EVENT_VARIABLES ? vars2manager(qe->chan, vars, sizeof(vars)) : ""); } - ast_channel_lock(qe->chan); - if ((tds = ast_channel_datastore_find(qe->chan, &queue_transfer_info, NULL))) { + if ((tds = ast_channel_datastore_find(qe->chan, &queue_transfer_info, NULL))) { ast_channel_datastore_remove(qe->chan, tds); } - ast_channel_unlock(qe->chan); update_queue(qe->parent, member, callcompletedinsl); } if (transfer_ds) { ast_channel_datastore_free(transfer_ds); } + ast_channel_unlock(qe->chan); ast_hangup(peer); res = bridge ? bridge : 1; ao2_ref(member, -1); |