Merged revisions 168629 via svnmerge from

https://origsvn.digium.com/svn/asterisk/trunk ................ r168629 | mmichelson | 2009-01-14 18:14:17 -0600 (Wed, 14 Jan 2009) | 24 lines Merged revisions 168628 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r168628 | mmichelson | 2009-01-14 18:11:01 -0600 (Wed, 14 Jan 2009) | 16 lines Fix some crashes from bad datastore handling in app_queue.c * The queue_transfer_fixup function was searching for and removing the datastore from the incorrect channel, so this was fixed. * Most datastore operations regarding the queue_transfer datastore were being done without the channel locked, so proper channel locking was added, too. (closes issue #14086) Reported by: ZX81 Patches: 14086v2.patch uploaded by putnopvut (license 60) Tested by: ZX81, festr ........ ................ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.0@168630 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-11-07 02:18:15 +00:00 · 2009-01-15 00:14:48 +00:00
parent d572518549
commit b40ebef036
1 changed files with 10 additions and 5 deletions
--- a/apps/app_queue.c
+++ b/apps/app_queue.c
@@ -3132,8 +3132,9 @@ static void queue_transfer_fixup(void *data, struct ast_channel *old_chan, struc
 	update_queue(qe->parent, member, callcompletedinsl);
-	if ((datastore = ast_channel_datastore_find(new_chan, &queue_transfer_info, NULL))) {
+	/* No need to lock the channels because they are already locked in ast_do_masquerade */
-		ast_channel_datastore_remove(new_chan, datastore);
+	if ((datastore = ast_channel_datastore_find(old_chan, &queue_transfer_info, NULL))) {
 		ast_channel_datastore_remove(old_chan, datastore);
 	} else {
 		ast_log(LOG_WARNING, "Can't find the queue_transfer datastore.\n");
 	}
@@ -3144,6 +3145,8 @@ static void queue_transfer_fixup(void *data, struct ast_channel *old_chan, struc
 * When a caller is atxferred, then the queue_transfer_info datastore
 * is removed from the channel. If it's still there after the bridge is
 * broken, then the caller was not atxferred.
 *
 * \note Only call this with chan locked
 */
 static int attended_transfer_occurred(struct ast_channel *chan)
 {
@@ -3454,9 +3457,11 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce
 	 * to which the datastore was moved hangs up, it will attempt to free this
 	 * datastore again, causing a crash
 	 */
 	ast_channel_lock(qe->chan);
 	if (datastore && !ast_channel_datastore_remove(qe->chan, datastore)) {
 		ast_channel_datastore_free(datastore);
 	}
 	ast_channel_unlock(qe->chan);
 	ao2_lock(qe->parent);
 	if (qe->parent->strategy == QUEUE_STRATEGY_RRMEMORY) {
 		store_next_rr(qe, outgoing);
@@ -3862,6 +3867,7 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce
 		/* If the queue member did an attended transfer, then the TRANSFER already was logged in the queue_log
 		 * when the masquerade occurred. These other "ending" queue_log messages are unnecessary
 		 */
 		ast_channel_lock(qe->chan);
 		if (!attended_transfer_occurred(qe->chan)) {
 			struct ast_datastore *tds;
 			if (strcasecmp(oldcontext, qe->chan->context) || strcasecmp(oldexten, qe->chan->exten)) {
@@ -3878,17 +3884,16 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce
 					(long) (callstart - qe->start), (long) (time(NULL) - callstart), qe->opos);
 				send_agent_complete(qe, queuename, peer, member, callstart, vars, sizeof(vars), AGENT);
 			}
 			ast_channel_lock(qe->chan);
 			if ((tds = ast_channel_datastore_find(qe->chan, &queue_transfer_info, NULL))) {	
 				ast_channel_datastore_remove(qe->chan, tds);
 			}
 			ast_channel_unlock(qe->chan);
 			update_queue(qe->parent, member, callcompletedinsl);
 		}
 		if (transfer_ds) {
 			ast_channel_datastore_free(transfer_ds);
 		}
 		ast_channel_unlock(qe->chan);
 		ast_hangup(peer);
 		res = bridge ? bridge : 1;
 		ao2_ref(member, -1);