Prevent a potential race condition and crash when hanging up a channel by removing the channel from the channel list before begining channel tear down.

This fix may potentially cause problems with CDR backends that access the channel a CDR is associated with via the channel list. This fix makes the channel unavabile at the time when the CDR backend is invoked. This has been documented in include/asterisk/cdr.h. (closes issue #15316) Reported by: vmarrone Tested by: mnicholson Review: https://reviewboard.asterisk.org/r/362/ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@219136 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-10-07 13:49:18 +00:00 · 2009-09-17 14:58:39 +00:00
parent d28e69ad5d
commit ea3f81a68f
3 changed files with 33 additions and 8 deletions
--- a/include/asterisk/cdr.h
+++ b/include/asterisk/cdr.h
@@ -112,6 +112,11 @@ int ast_cdr_serialize_variables(struct ast_cdr *cdr, char *buf, size_t size, cha
 void ast_cdr_free_vars(struct ast_cdr *cdr, int recur);
 int ast_cdr_copy_vars(struct ast_cdr *to_cdr, struct ast_cdr *from_cdr);
 /*!\brief CDR backend callback
 * \warning CDR backends should NOT attempt to access the channel associated
 * with a CDR record.  This channel is not guaranteed to exist when the CDR
 * backend is invoked.
 */
 typedef int (*ast_cdrbe)(struct ast_cdr *cdr);
 /*! \brief Allocate a CDR record 
--- a/include/asterisk/channel.h
+++ b/include/asterisk/channel.h
@@ -515,6 +515,8 @@ enum {
 	 *  bridge terminates, this will allow the hangup in the pbx loop to be run instead.
 	 *  */
 	AST_FLAG_BRIDGE_HANGUP_DONT = (1 << 17),
 	/*! This flag indicates whether the channel is in the channel list or not. */
 	AST_FLAG_IN_CHANNEL_LIST = (1 << 19),
 };
 /*! \brief ast_bridge_config flags */
--- a/main/channel.c
+++ b/main/channel.c
@@ -868,6 +868,8 @@ alertpipe_failed:
 	tmp->tech = &null_tech;
 	ast_set_flag(tmp, AST_FLAG_IN_CHANNEL_LIST);
 	AST_LIST_LOCK(&channels);
 	AST_LIST_INSERT_HEAD(&channels, tmp, chan_list);
 	AST_LIST_UNLOCK(&channels);
@@ -1247,17 +1249,22 @@ void ast_channel_free(struct ast_channel *chan)
 	struct varshead *headp;
 	struct ast_datastore *datastore = NULL;
 	char name[AST_CHANNEL_NAME], *dashptr;
 	int inlist;
 	headp=&chan->varshead;
 	inlist = ast_test_flag(chan, AST_FLAG_IN_CHANNEL_LIST);
 	if (inlist) {
 		AST_LIST_LOCK(&channels);
 		if (!AST_LIST_REMOVE(&channels, chan, chan_list)) {
-		ast_log(LOG_ERROR, "Unable to find channel in list to free. Assuming it has already been done.\n");
+			if (option_debug)
 				ast_log(LOG_DEBUG, "Unable to find channel in list to free. Assuming it has already been done.\n");
 		}
 		/* Lock and unlock the channel just to be sure nobody has it locked still
 		   due to a reference retrieved from the channel list. */
 		ast_channel_lock(chan);
 		ast_channel_unlock(chan);
 	}
 	/* Get rid of each of the data stores on the channel */
 	while ((datastore = AST_LIST_REMOVE_HEAD(&chan->datastores, entry)))
@@ -1328,6 +1335,7 @@ void ast_channel_free(struct ast_channel *chan)
 	ast_string_field_free_memory(chan);
 	free(chan);
 	if (inlist)
 		AST_LIST_UNLOCK(&channels);
 	ast_device_state_changed_literal(name);
@@ -1515,6 +1523,16 @@ int ast_hangup(struct ast_channel *chan)
 		ast_channel_unlock(chan);
 		return 0;
 	}
 	ast_channel_unlock(chan);
 	AST_LIST_LOCK(&channels);
 	if (!AST_LIST_REMOVE(&channels, chan, chan_list)) {
 		ast_log(LOG_ERROR, "Unable to find channel in list to free. Assuming it has already been done.\n");
 	}
 	ast_clear_flag(chan, AST_FLAG_IN_CHANNEL_LIST);
 	AST_LIST_UNLOCK(&channels);
 	ast_channel_lock(chan);
 	free_translation(chan);
 	/* Close audio stream */
 	if (chan->stream) {