
Summary: ASTERISK-22740: [patch] - Confbridge fails to destroy conference on hangup leading to Asterisk segfault
Reporter: Simon Moxon (simonmoxon)
Labels:
Date Opened: 2013-10-21 09:33:25
Date Closed: 2014-03-05 12:22:27.000-0600
Priority: Major
Regression?:
Status: Closed/Complete
Components: Applications/app_confbridge
Versions: 11.5.1
Frequency of Occurrence: Occasional
Related Issues:
  is related to ASTERISK-21859 Confbridge doesn't tear down an empty conference bridge when all users were kicked via end_marked=yes. Also, side effect crashes.
  is related to ASTERISK-22454 Confbridge leaves channel and room open if hang up during name recording
Environment:
Attachments: (0) ASTERISK-22740.diff
Description: With 3 users (1 marked, 2 unmarked) remaining in a conference, 1 marked and 1 unmarked hang up at the exact same time, leaving just the 1 unmarked in the conference.

Then, when that final unmarked user leaves, the conference is not torn down.

The following error is logged:

{{confbridge/conf_state.c: Invalid event for confbridge user}}

If anything then tries to access that conference, e.g. via confbridge list or re-creating the conference, then Asterisk will segfault as referenced in [ASTERISK-21859].

This only occurs if confbridge quiet=no.

Recreating the bug without a large volume of calls is tricky as the hangups have to be with
Comments:

By: Matt Jordan (mjordan) 2013-10-21 09:39:15.499-0500

This may have been fixed in r399222, which is in 11.6.0. Can you re-test with Asterisk 11.6.0-rc2 (or the full release, which should be going out today)?

By: Simon Moxon (simonmoxon) 2013-10-21 11:51:29.674-0500

I've got to the bottom of this: it appears that when quiet=no is enabled and the leader leaves, the conference object is briefly unlocked with ao2_unlock while the 'leader left the conference' message is played to the conference. The marked user count has already been decremented at this point, but the conference state has not been changed.

If an unmarked user hangs up at this point, then CONF_STATE_MULTI_MARKED->leave_active is called. Because the user count is now 1, this function assumes that must be the marked user and sets the conference state to CONF_STATE_SINGLE_MARKED.

When the final unmarked user hangs up, it attempts to call CONF_STATE_SINGLE_MARKED->leave_unmarked, but this function doesn't exist, presumably because it shouldn't be possible for an unmarked user to exist when the conference is in single marked.

The fix is not to unlock the conference object until the state has been updated.  Attached is a patch.
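
The interleaving described in the comment above, replayed as an added example that is not part of the issue or of Asterisk's code. It is a constructed toy model of a confbridge-style state table: the state names echo the ones in the report, while the handler signatures, the counters on the conference struct and the helper names (enter_state, multi_marked_leave, unmarked_leave, run_scenario) are assumptions for illustration. The same three hangups are run twice, once with the state update deferred past the unlock (the bug) and once with the state updated before the lock is released (the fix), and the only difference is the order of those two steps.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the confbridge state table (assumption: the real table
 * in Asterisk has more states and events; only what the report needs is here). */
enum conf_state { EMPTY, SINGLE, SINGLE_MARKED, MULTI, MULTI_MARKED };

struct conf;
typedef void (*leave_fn)(struct conf *);

struct state_handlers {
    const char *name;
    leave_fn leave_marked;
    leave_fn leave_unmarked;   /* NULL: the state has no handler for this event */
};

struct conf {
    enum conf_state state;
    int users;            /* channels still in the conference */
    int marked;           /* how many of them are marked */
    int invalid_events;   /* "Invalid event for confbridge user" occurrences */
    int destroyed;        /* 1 once the conference has been torn down */
};

static void enter_state(struct conf *c, enum conf_state s)
{
    c->state = s;
    if (s == EMPTY) {
        c->destroyed = 1;
    }
}

/* MULTI_MARKED leave handler: chooses the next state from the head count alone,
 * so a count of 1 is taken to mean "the remaining user is the marked one". */
static void multi_marked_leave(struct conf *c)
{
    if (c->users == 1) {
        enter_state(c, SINGLE_MARKED);
    } else if (c->marked == 0) {
        enter_state(c, MULTI);
    }
}

static void multi_leave(struct conf *c)  { enter_state(c, c->users == 1 ? SINGLE : MULTI); }
static void single_leave(struct conf *c) { enter_state(c, EMPTY); }

static const struct state_handlers table[] = {
    [EMPTY]         = { "EMPTY",         NULL,               NULL },
    [SINGLE]        = { "SINGLE",        NULL,               single_leave },
    [SINGLE_MARKED] = { "SINGLE_MARKED", single_leave,       NULL },  /* no leave_unmarked */
    [MULTI]         = { "MULTI",         NULL,               multi_leave },
    [MULTI_MARKED]  = { "MULTI_MARKED",  multi_marked_leave, multi_marked_leave },
};

/* An unmarked user hangs up: dispatch on whatever state the conference shows now. */
static void unmarked_leave(struct conf *c)
{
    leave_fn fn = table[c->state].leave_unmarked;
    c->users--;
    if (!fn) {
        fprintf(stderr, "Invalid event for confbridge user (state %s)\n", table[c->state].name);
        c->invalid_events++;
        return;
    }
    fn(c);
}

/* Replays the report: 1 marked + 2 unmarked; the marked user leaves, an unmarked
 * user leaves while the "leader has left" prompt plays, then the last unmarked
 * user leaves. The returned struct records whether the conference was destroyed. */
struct conf run_scenario(int update_state_before_unlock)
{
    struct conf c = { MULTI_MARKED, 3, 1, 0, 0 };

    /* Leader hangs up: counts are decremented under the lock ... */
    c.users--;
    c.marked--;
    if (update_state_before_unlock) {
        multi_marked_leave(&c);     /* fixed ordering: transition, then unlock */
    }
    /* ... modelled ao2_unlock() while the prompt plays; other channels run here. */
    unmarked_leave(&c);
    /* ... modelled ao2_lock() again; the leader's handler finishes its transition. */
    if (!update_state_before_unlock) {
        multi_marked_leave(&c);     /* buggy ordering: now sees users == 1 */
    }

    /* Final unmarked user hangs up. */
    unmarked_leave(&c);
    return c;
}

int main(void)
{
    struct conf buggy = run_scenario(0), fixed = run_scenario(1);
    printf("unlock before state update: destroyed=%d invalid_events=%d\n",
           buggy.destroyed, buggy.invalid_events);
    printf("state update before unlock: destroyed=%d invalid_events=%d\n",
           fixed.destroyed, fixed.invalid_events);
    return 0;
}
```

With the buggy ordering the conference ends in SINGLE_MARKED with one unmarked user, the last hangup hits the missing leave_unmarked handler, and the conference is never destroyed; with the state updated before the unlock the same hangups walk MULTI_MARKED to MULTI to SINGLE to EMPTY. The general lesson for any lock-protected state machine is the same as the patch's: counters and the state they drive must be updated in the same critical section, because any handler that runs in the gap dispatches on stale state.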
By: Richard Mudgett (rmudgett) 2013-10-21 12:19:27.802-0500

The patch is not marked as a contribution.  Have you signed a license agreement?

By: Simon Moxon (simonmoxon) 2013-10-21 13:19:28.053-0500

License agreement signed, but currently awaiting approval.

By: Simon Moxon (simonmoxon) 2013-11-01 08:59:58.180-0500

Licence approved today, so here is the patch

By: Matt Jordan (mjordan) 2013-11-01 10:24:10.030-0500

Thanks a lot for the analysis and the patch Simon!

By: Matt Jordan (mjordan) 2014-03-05 12:11:06.896-0600

Nuts - I completely forgot that you had submitted this patch when this got fixed under r405215.

Although the patch was slightly different than what you have attached to this issue, I'll go back and update the commit message to give proper attribution to this issue and your patch as well.