Merged revisions 337008 via svnmerge from
authorRichard Mudgett <rmudgett@digium.com>
Tue, 20 Sep 2011 19:13:36 +0000 (19:13 +0000)
committerRichard Mudgett <rmudgett@digium.com>
Tue, 20 Sep 2011 19:13:36 +0000 (19:13 +0000)
https://origsvn.digium.com/svn/asterisk/branches/10

................
  r337008 | rmudgett | 2011-09-20 14:12:24 -0500 (Tue, 20 Sep 2011) | 22 lines

  Merged revisions 337007 via svnmerge from
  https://origsvn.digium.com/svn/asterisk/branches/1.8

  ........
    r337007 | rmudgett | 2011-09-20 14:10:30 -0500 (Tue, 20 Sep 2011) | 15 lines

    Check if a channel was created before using the pointer in sig_ss7_new_ast_channel().

    Fixes the crash in ASTERISK-17955 gdb-11918.txt backtrace.

    * Added some missing libss7 access lock protection.

    * Prevent cancelling the ss7_linkset() thread at inoportune times just
    like the pri_dchannel() thread.

    (issue ASTERISK-17955)
    Reported by: Ian M Sherman
    Patches:
          jira_asterisk_17955_v1.8.patch (license #5621) patch uploaded by rmudgett
          (attached to related ASTERISK-17966)
  ........
................

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@337009 65c4cc65-6c06-0410-ace0-fbb531ad65f3

channels/sig_ss7.c

index 915cced..f1bb75a 100644 (file)
@@ -217,6 +217,9 @@ static struct ast_channel *sig_ss7_new_ast_channel(struct sig_ss7_chan *p, int s
        } else {
                return NULL;
        }
+       if (!ast) {
+               return NULL;
+       }
 
        if (!p->owner) {
                p->owner = ast;
@@ -618,8 +621,12 @@ void *ss7_linkset(void *data)
        unsigned int dpc;
        int nextms = 0;
 
+       pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
+
        ss7_set_debug(ss7, SIG_SS7_DEBUG_DEFAULT);
+       ast_mutex_lock(&linkset->lock);
        ss7_start(ss7);
+       ast_mutex_unlock(&linkset->lock);
 
        for (;;) {
                ast_mutex_lock(&linkset->lock);
@@ -638,15 +645,20 @@ void *ss7_linkset(void *data)
                        nextms = tv.tv_sec * 1000;
                        nextms += tv.tv_usec / 1000;
                }
-               ast_mutex_unlock(&linkset->lock);
 
                for (i = 0; i < linkset->numsigchans; i++) {
                        pollers[i].fd = linkset->fds[i];
                        pollers[i].events = ss7_pollflags(ss7, linkset->fds[i]);
                        pollers[i].revents = 0;
                }
+               ast_mutex_unlock(&linkset->lock);
 
+               pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
+               pthread_testcancel();
                res = poll(pollers, linkset->numsigchans, nextms);
+               pthread_testcancel();
+               pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
+
                if ((res < 0) && (errno != EINTR)) {
                        ast_log(LOG_ERROR, "poll(%s)\n", strerror(errno));
                } else if (!res) {
@@ -1547,8 +1559,11 @@ int sig_ss7_indicate(struct sig_ss7_chan *p, struct ast_channel *chan, int condi
                ast_debug(1,"Received AST_CONTROL_PROCEEDING on %s\n",chan->name);
                /* This IF sends the FAR for an answered ALEG call */
                if (chan->_state == AST_STATE_UP && (p->rlt != 1)){
-                       if ((isup_far(p->ss7->ss7, p->ss7call)) != -1)
+                       ss7_grab(p, p->ss7);
+                       if ((isup_far(p->ss7->ss7, p->ss7call)) != -1) {
                                p->rlt = 1;
+                       }
+                       ss7_rel(p->ss7);
                }
 
                if (p->call_level < SIG_SS7_CALL_LEVEL_PROCEEDING && !p->outgoing) {