app_queue: fix ring_entry to access nativeformats with a channel lock
authorDömsödi Gergely <doome@uhusystems.com>
Wed, 6 Mar 2019 13:20:09 +0000 (14:20 +0100)
committerJoshua C. Colp <jcolp@digium.com>
Wed, 13 Mar 2019 10:49:21 +0000 (04:49 -0600)
Fixes an intermittent segmentation fault which occurred when accessing
the nativeformats of a channel which had entered a queue.

ASTERISK-27964
Reported by: Francisco Seratti

Change-Id: Ic87fa7a363f3b487c24ce07032f4b2201c22db9e

apps/app_queue.c

index 10dd06a..72bc57b 100644 (file)
@@ -4497,6 +4497,7 @@ static int ring_entry(struct queue_ent *qe, struct callattempt *tmp, int *busies
        char tech[256];
        char *location;
        const char *macrocontext, *macroexten;
+       struct ast_format_cap *nativeformats;
        RAII_VAR(struct ast_json *, blob, NULL, ast_json_unref);
 
        /* on entry here, we know that tmp->chan == NULL */
@@ -4513,8 +4514,13 @@ static int ring_entry(struct queue_ent *qe, struct callattempt *tmp, int *busies
                location = "";
        }
 
+       ast_channel_lock(qe->chan);
+       nativeformats = ao2_bump(ast_channel_nativeformats(qe->chan));
+       ast_channel_unlock(qe->chan);
+
        /* Request the peer */
-       tmp->chan = ast_request(tech, ast_channel_nativeformats(qe->chan), NULL, qe->chan, location, &status);
+       tmp->chan = ast_request(tech, nativeformats, NULL, qe->chan, location, &status);
+       ao2_cleanup(nativeformats);
        if (!tmp->chan) {                       /* If we can't, just go on to the next call */
                ao2_lock(qe->parent);
                qe->parent->rrpos++;
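Review bot: The three added lines above `/* Request the peer */` have no comment explaining why the capability object is referenced while the channel lock is held, so a later tidy-up could fold the accessor back into the `ast_request()` call and reintroduce the crash. I would put `/* Take our own ref under the channel lock; nativeformats may be swapped by another thread and ast_request() must not be handed a freed cap. */` directly above `ast_channel_lock(qe->chan);`. That another thread replaces the object is inferred from the commit message (intermittent segfault) rather than visible in the hunk. The body of ring_entry() begins and continues outside this hunk, so any other unlocked use of `ast_channel_nativeformats(qe->chan)` in the function cannot be ruled out from here.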