From b3e43c8c38052d582dc8674dc5ae684c4a8f699b Mon Sep 17 00:00:00 2001 From: russell Date: Wed, 13 Oct 2010 15:46:39 +0000 Subject: Merged revisions 291393 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.6.2 ................ r291393 | russell | 2010-10-13 10:29:21 -0500 (Wed, 13 Oct 2010) | 13 lines Merged revisions 291392 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r291392 | russell | 2010-10-13 10:23:19 -0500 (Wed, 13 Oct 2010) | 6 lines Lock pvt so pvt->owner can't disappear when queueing up a frame. This fixes a crash due to a hangup race condition. ABE-2601 ........ ................ git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.8@291394 f38db490-d61c-443f-a65b-d21fe96a405b --- channels/chan_sip.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 9d66c05d6..58e3f5c4f 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -3603,9 +3603,21 @@ static int __sip_autodestruct(const void *data) /* Reset schedule ID */ p->autokillid = -1; + + /* + * Lock both the pvt and the channel safely so that we can queue up a frame. + */ + sip_pvt_lock(p); + while (p->owner && ast_channel_trylock(p->owner)) { + sip_pvt_unlock(p); + sched_yield(); + sip_pvt_lock(p); + } + if (p->owner) { ast_log(LOG_WARNING, "Autodestruct on dialog '%s' with owner in place (Method: %s)\n", p->callid, sip_methods[p->method].text); ast_queue_hangup_with_cause(p->owner, AST_CAUSE_PROTOCOL_ERROR); + ast_channel_unlock(p->owner); } else if (p->refer && !p->alreadygone) { ast_debug(3, "Finally hanging up channel after transfer: %s\n", p->callid); transmit_request_with_auth(p, SIP_BYE, 0, XMIT_RELIABLE, 1); @@ -3619,7 +3631,11 @@ static int __sip_autodestruct(const void *data) /* sip_destroy(p); */ /* Go ahead and destroy dialog. All attempts to recover is done */ /* sip_destroy also absorbs the reference */ } + + sip_pvt_unlock(p); + dialog_unref(p, "The ref to a dialog passed to this sched callback is going out of scope; unref it."); + return 0; } -- cgit v1.2.3