From 0838d084abcb01b3f20cababb1e3e21bc778db1c Mon Sep 17 00:00:00 2001 From: Matthew Jordan Date: Tue, 15 Jan 2013 03:46:57 +0000 Subject: [PATCH] Prevent crash in ConfBridge due to race condition when channels leave bridge When a channel leaves a bridge, a race condition existed where the bridge_channel's pvt structure would be accessed after it was disposed of. This patch prevents that by setting the pointer to the pvt to NULL prior to disposing of it. Note that this patch is a backport from Asterisk 10. This particular race condition was fixed as part of the larger code rework that occurred for that release. The solution to this problem was pointed out by Gunnar Harms in ASTERISK-16640. (closes issue ASTERISK-16640) Reported by: thomas987 (closes issue ASTERISK-16835) Reported by: saghul git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@379091 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- bridges/bridge_softmix.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bridges/bridge_softmix.c b/bridges/bridge_softmix.c index 31f579334b..a6ee88cdd4 100644 --- a/bridges/bridge_softmix.c +++ b/bridges/bridge_softmix.c @@ -149,6 +149,11 @@ static int softmix_bridge_leave(struct ast_bridge *bridge, struct ast_bridge_cha { struct softmix_channel *sc = bridge_channel->bridge_pvt; + if (!(bridge_channel->bridge_pvt)) { + return 0; + } + bridge_channel->bridge_pvt = NULL; + /* Drop mutex lock */ ast_mutex_destroy(&sc->lock);