Prevent crash in ConfBridge due to race condition when channels leave bridge

When a channel leaves a bridge, a race condition existed where the bridge_channel's pvt structure would be accessed after it was disposed of. This patch prevents that by setting the pointer to the pvt to NULL prior to disposing of it. Note that this patch is a backport from Asterisk 10. This particular race condition was fixed as part of the larger code rework that occurred for that release. The solution to this problem was pointed out by Gunnar Harms in ASTERISK-16640. (closes issue ASTERISK-16640) Reported by: thomas987 (closes issue ASTERISK-16835) Reported by: saghul git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@379091 65c4cc65-6c06-0410-ace0-fbb531ad65f3
12 years ago · 0838d084ab
parent 37f037f444
commit 0838d084ab
1 changed files with 5 additions and 0 deletions
--- a/bridges/bridge_softmix.c
+++ b/bridges/bridge_softmix.c
@ -149,6 +149,11 @@ static int softmix_bridge_leave(struct ast_bridge *bridge, struct ast_bridge_cha
 {
 	struct softmix_channel *sc = bridge_channel->bridge_pvt;

+	if (!(bridge_channel->bridge_pvt)) {
+		return 0;
+	}
+	bridge_channel->bridge_pvt = NULL;
+
 	/* Drop mutex lock */
 	ast_mutex_destroy(&sc->lock);