When app_queue is unloaded, the queues container has its refcount
decremented, potentially to 0. Then the taskprocessor responsible
for handling device state changes is unreferenced. If the
taskprocessor happens to be just about to run its task, then it
will create and destroy an iterator on the queues container.
This can cause the refcount on the queues container to increase to
1 and then back to 0. Going back to 0 a second time results in
double frees.
This failure was seen periodically in the testsuite when Asterisk
would shut down.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@372089 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Queue member status would not always get updated properly when the member
was called, thus resulting in the member getting multiple calls. With this
change, we update the member's status at the time of calling, and we also
check to make sure the member is still available to take the call before
placing an outbound call.
(closes issue ASTERISK-16115)
reported by nik600
Patches:
app_queue.c-svn-r370418.patch uploaded by Italo Rossi (license #6409)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@372048 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The v1.8 -r369258 change to fix the F and F(x) action logic introduced a
regression in passing the hangup cause from the called channel to the
caller channel.
(closes issue ASTERISK-20287)
Reported by: Konstantin Suvorov
Patches:
app_dial_hangupcause.patch (license #6421) patch uploaded by Konstantin Suvorov (modified)
Tested by: rmudgett
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@371860 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This fixes three main issues
* Change asprintf() uses to ast_asprintf() so that it
pairs properly with ast_free() and no longer causes
MALLOC_DEBUG to freak out.
* When ast_asprintf() fails, set the pointer NULL if
it will be referenced later.
* Fix some memory leaks that were spotted while taking
care of the first two points.
(Closes issue ASTERISK-20135)
reported by Richard Mudgett
Review: https://reviewboard.asterisk.org/r/2071
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@371590 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If a static queue had realtime members, then there could be a potential
for those realtime members not to be properly deleted from memory.
If the queue's members were loaded from realtime and then all the
members were deleted from the backend, then the queue would still
think these members existed. The reason was that there was a short-
circuit in code such that if there were no members found in the
backend, then the queue would not be updated to reflect this.
Note that this only affected static queues with realtime members.
Realtime queues with realtime members were unaffected by this issue.
(closes issue ASTERISK-19793)
reported by Marcus Haas
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@371306 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This adds test instrumentation for loading and unloading of modules
and for certain actions in MeetMe to be used in the testsuite or any
other consumer of AMI events. These will only be generated when
Asterisk is built with TEST_FRAMEWORK enabled.
(issue PQ-1131)
(issue PQ-1133)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@371201 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* The RemoveQueueMember app made mention of options that could
be passed in, but no options are supported. I have removed the
listing of options from the documentation.
* The RQMSTATUS variable did not list "NOTDYNAMIC" as a possible
value that could be set.
(closes issue AST-949)
reported by Steve Pitts
(closes issue AST-954)
reported by Steve Pitts
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@371141 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The documentation for the x flag for MeetMe incorrectly described its
function as closing down the conference when the last marked user left.
It actually causes the users with that flag to leave the conference
when the last marked user exits. The functionality of this flag is not
changing.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@370985 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When a channel hangs up while being spied upon and the option to exit the
ChanSpy application when the spied on channel hangs up is set,
ast_autochan_destroy is not being called and therefore a reference to the spied
upon channel is not removed.
The symptom being reported was that when using func_group in the dialplan and
calling "group show channels" at the cli, the spied upon channel was still
being shown while "core show channels" showed that the channel was not up.
This patch calls ast_autochan_destroy when a spied upon channel hangs up and
the option to exit the ChanSpy application is set, removing the reference to
the channel allowing the count for the group that the spied channel was part of
to be decremented.
(closes issue ASTERISK-17515)
Reported by: Arkadiusz Malka
Tested by: Alexandr Gordeev, Michael L. Young
Patches:
asterisk-17515-destroy-autochan.diff
uploaded by Michael L. Young (license 5026)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@370952 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This replaces all calls to alloca() with ast_alloca() which calls gcc's
__builtin_alloca() to avoid BSD semantics and removes all NULL checks
on memory allocated via ast_alloca() and ast_strdupa().
(closes issue ASTERISK-20125)
Review: https://reviewboard.asterisk.org/r/2032/
Patch-by: Walter Doekes (wdoekes)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@370642 65c4cc65-6c06-0410-ace0-fbb531ad65f3
While addressing a bug, I came across a instance of 'struct ast_datastore_info'
that was not declared 'const'. Since the API already expects them to be
'const', this patch changes the declarations of all existing instances
that were not already declared that way.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@370183 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Correct documentation on labeliftrue and labeliffalse parameters of
GotoIf() and update several other locations that use the same syntax.
(closes issue ASTERISK-20007)
Patch-by: Leif Madsen
Reported-by: WIMPy
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@369869 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The heard and deleted arrays in the voicemail state structure were not
handled properly following the memory leak fix in r354890 and a fix for
an invalid free in r356797. This could result in accessing and writing
into freed memory. The allocation for these arrays has been reworked
to avoid the possibility of invalid frees, access of freed memory, and
crashes that were occurring as a result of this.
Locking around accesses and modifications of the voicemail state
structure members dh_arraysize, heard, and deleted has been added to
prevent simultaneous modification and access when IMAP storage is in
use. If IMAP storage is not in use, this locking is not compiled in.
Review: https://reviewboard.asterisk.org/r/1994/
(closes issue ASTERISK-19923)
Reported by: Dan Delaney
Tested by: Dan Delaney, Julian Yap
Patches:
vm_alloc_fix.diff uploaded by kmoore (license 6273)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@369652 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Most of these were just saving returned values without using them and
in some cases the variable being saved to could be removed as well.
(issue ASTERISK-19672)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@368738 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When localization was added to app_voicemail, these headers were altered
when they should have remained in en_US format for RFC compliance. This
reverts the changes to those two lines.
(closes issue ASTERISK-19876)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@368520 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Attempting to remove a channel from autoservice with the channel lock held
will result in deadlock.
* Restructured gosub_exec() to not call ast_parseable_goto() and
ast_exists_extension() with the channel lock held.
(closes issue ASTERISK-19764)
Reported by: rmudgett
Tested by: rmudgett
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@368308 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Fix only issue pointed out by deprecated_REVERSE_INULL.txt for
app_meetme.c in find_user().
* Change use of %i to %d in sscanf() in find_user(). The use of %i gives
unexpected parsing because it can accept hex, octal, and decimal integer
formats.
* Changed other uses of %i in app_meetme() to use %d for consistency.
(issue ASTERISK-19648)
Reported by: Matt Jordan
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@367906 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The Dial and Queue I option is intended to block connected line updates
and redirecting updates. However, it is a feature that when a call is
locally redirected, the I option is disabled if the redirected call runs
as a local channel so the administrator can have an opportunity to setup
new connected line information. Unfortunately, the Dial and Queue I
option is disabled for *all* forked calls if one of those calls is
redirected.
* Make the Dial and Queue I option apply to each outgoing call leg
independently. Now if one outgoing call leg is locally redirected, the
other outgoing calls are not affected.
* Made Dial not pass any redirecting updates when forking calls.
Redirecting updates do not make sense for this scenario.
* Made Queue not pass any redirecting updates when using the ringall
strategy. Redirecting updates do not make sense for this scenario.
* Fixed deadlock potential with chan_local when Dial and Queue send
redirecting updates for a local redirect.
* Converted the Queue stillgoing flag to a boolean bitfield.
(closes issue ASTERISK-19511)
Reported by: rmudgett
Tested by: rmudgett
Review: https://reviewboard.asterisk.org/r/1920/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@367678 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch addresses a number of memory leaks in a variety of modules that were
found by a static analysis tool. A brief summary of the changes:
* app_minivm: free ast_str objects on off nominal paths
* app_page: free the ast_dial object if the requested channel technology
cannot be appended to the dialing structure
* app_queue: if a penalty rule failed to match any existing rule list
names, the created rule would not be inserted and its memory
would be leaked
* app_read: dispose of the created silence detector in the presence of
off nominal circumstances
* app_voicemail: dispose of an allocated unique ID field for MWI event
un-subscribe requests in off nominal paths; dispose of
configuration objects when using the secret.conf option
* chan_dahdi: dispose of the allocated frame produced by ast_dsp_process
* chan_iax2: properly unref peer in CLI command "iax2 unregister"
* chan_sip: dispose of the allocated frame produced by sip_rtp_read's
call of ast_dsp_process; free memory in parse unit tests
* func_dialgroup: properly deref ao2 object grhead in nominal path of
dialgroup_read
* func_odbc: free resultset in off nominal paths of odbc_read
* cli: free match_list in off nominal paths of CLI match completion
* config: free comment_buffer/list_buffer when configuration file load
is unchanged; free the same buffers any time they were
created and config files were processed
* data: free XML nodes in various places
* enum: free context buffer in off nominal paths
* features: free ast_call_feature in off nominal paths of applicationmap
config processing
* netsock2: users of ast_sockaddr_resolve pass in an ast_sockaddr struct
that is allocated by the method. Failures in
ast_sockaddr_resolve could result in the users of the method
not knowing whether or not the buffer was allocated. The
method will now not allocate the ast_sockaddr struct if it
will return failure.
* pbx: cleanup hash table traversals in off nominal paths; free
ignore pattern buffer if it already exists for the specified
context
* xmldoc: cleanup various nodes when we no longer need them
* main/editline: various cleanup of pointers not being freed before being
assigned to other memory, cleanup along off nominal paths
* menuselect/mxml: cleanup of value buffer for an attribute when that attribute
did not specify a value
* res_calendar*: responses are allocated via the various *_request method
returns and should not be allocated in the various
write_event methods; ensure attendee buffer is freed if no
data exists in the parsed node; ensure that calendar objects
are de-ref'd appropriately
* res_jabber: free buffer in off nominal path
* res_musiconhold: close the DIR* object in off nominal paths
* res_rtp_asterisk: if we run out of ports, close the rtp socket object and free
the rtp object
* res_srtp: if we fail to create the session in libsrtp, destroy the
temporary ast_srtp object
(issue ASTERISK-19665)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/1922
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@366880 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This resolves core findings from ASTERISK-19650 numbers 0-2, 6, 7, 9-11, 14-20,
22-24, 28, 30-32, 34-36, 42-56, 82-84, 87, 89-90, 93-102, 104, 105, 109-111,
and 115. Finding numbers 26, 33, and 29 were already resolved. Those skipped
were either extended/deprecated or in areas of code that shouldn't be
disturbed.
(Closes issue ASTERISK-19650)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@366167 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Fix FollowMe leaving recorded caller name file on error paths in
app_exec().
* Use correct buffer dimension define in struct call_followme.moh[] and
struct fm_args.namerecloc[]. This fixes unexpected namerecloc filename
length restriction.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@365692 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Made use MAX_YN_STRING define to make all accept/decline DTMF buffers
the same size. Just using 20 isn't good enough when someone didn't get
the memo.
* Fix stupid use of a global variable in FollowMe. (ynlongest)
* Fix bit field declarations in FollowMe.
* Fix FollowMe n option documentation.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@365631 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The VoiceMail d([c]) option is documented to accept digits for a new extension
in context <c>, if played during the greeting. This option works fine if the
extension being redirected to has an extension with the same initial digit in
the channel's current context. If that digit did not happen to exist in some
extension, a dialplan match would fail and the user would not be redirected.
This patch fixes it such that if the <c> option is used, the extensions are
matched in that context as opposed to the caller's original context.
(closes issue ASTERISK-18243)
Reported by: mjordan
Tested by: mjordan
Review: https://reviewboard.asterisk.org/r/1892
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@365474 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Most of the changes here are trivial NULL checks. There are a couple
optimizations to remove the need to check for NULL and outboundproxy parsing
in chan_sip.c was rewritten to avoid use of strtok. Additionally, a bug was
found and fixed with the parsing of outboundproxy when "outboundproxy=," was
set.
(Closes issue ASTERISK-19654)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@365398 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Correct the code in app_confbridge to play the conf-placeintoconf message to
the marked user entering the bridge instead of to the conference while the
marked user hears silence.
(closes issue ASTERISK-19641)
Reported-by: Mark A Walters
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@364786 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The Speech API apps return -1 on failure, which will hang up the channel. This
may not be desirable behavior for some, but it isn't something that can be
changed without breaking people's dialplans or writing an option to all of the
Speech apps that does what TryExec already does. This patch documents the
hangup behavior of the apps, and suggests TryExec as the solution.
(closes issue AST-813)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@362815 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If the first command sent from an ExternalIVR client is an 'S' command, we were
blindly removing the first element from the play list and deferencing it, even
if it was NULL. This corrects that and also locks appropriately in one place.
(issue ASTERISK-17889)
Reported by: Chris Maciejewski
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@362586 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* chan_mobile: Fixed an overrun where the cind_state buffer (an integer array
of size 16) would be overrun due to improper bounds checking. At worst, the
buffer can be overrun by a total of 48 bytes (assuming 4-byte integers),
which would still leave it within the allocated memory of struct hfp. This
would corrupt other elements in that struct but not necessarily cause any
further issues.
* app_sms: The array imsg is of size 250, while the array (ud) that the data
is copied into is of size 160. If the size of the inbound message is
greater then 160, up to 90 bytes could be overrun in ud. This would corrupt
the user data header (array udh) adjacent to ud.
* chan_unistim: A number of invalid memmoves are corrected. These would move
data (which may or may not be valid) into the ends of these buffers.
* asterisk: ast_console_toggle_loglevel does not check that the console log
level being set is less then or equal to the allowed log levels of 32.
* frame: In ast_codec_pref_prepend, if any occurrence of the specified codec
is not found, the value used to index into the array pref->order would be
one greater then the maximum size of the array.
* jitterbuf: If the element being placed into the jitter buffer lands in the
last available slot in the jitter history buffer, the insertion sort attempts
to move the last entry in the buffer into one slot past the maximum length
of the buffer. Note that this occurred for both the min and max jitter
history buffers.
* tdd: If a read from fsk_serial returns a character that is greater then 32,
an attempt to read past one of the statically defined arrays containing the
values that character maps to would occur.
* localtime: struct ast_time and tm are not the same size - ast_time is larger,
although it contains the elements of tm within it in the same layout. Hence,
when using memcpy to copy the contents of tm into ast_time, the size of tm
should be used, as opposed to the size of ast_time.
* extconf: this treats ast_timing's minmask array as if it had a length of 48,
when it has defined the size of the array as 24. pbx.h defines minmask as
having a size of 48.
(issue ASTERISK-19668)
Reported by: Matt Jordan
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@362485 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When storing a voicemail message using an ODBC connection to a database, the
voicemail message is first stored on disk. The sound file associated with
the message is read into memory before being transmitted to the database.
When this occurs, a failure in the C library's lseek function would cause a
negative value to be passed to the mmap as the size of the memory map to
create. This would almost certainly cause the creation of the memory map to
fail, resulting in the message being lost.
(issue ASTERISK-19655)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/1863
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@362201 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Prior to this patch, ForkCDR's e option would immediately set the end time of the forked
CDR to that of the CDR that is being terminated. This resulted in the new CDR's end time
being roughly the same as it's beginning time (which is in turn roughly the same as the
original's end time).
(closes issue ASTERISK-19164)
Reported by: Steve Davies
Patches:
cdr_fork_end.v10.patch uploaded by Steve Davies (license 5012)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@362082 65c4cc65-6c06-0410-ace0-fbb531ad65f3
A memory leak/reference counting leak occurs if the MeetMeAdmin 'e' command
(eject last user that joined) is used in conjunction with a specified user.
Regardless of the command being executed, if a user is specified for the
command, MeetMeAdmin will look up that user. Because the 'e' option kicks
the last user that joined, as opposed to the one specified, the reference to
the user specified by the command would be leaked when the user variable
was assigned to the last user that joined.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@361558 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The error message for failure to stop autoservice after a gosub or macro call
during a dial was removed for macro while Asterisk 1.4 was still being actively
developed. The corresponding gosub error message was never removed.
(closes issue ASTERISK-19551)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@361329 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This came up while fixing documentation generation for many other cases where
the argument separator was not being displayed properly. Now that it is
displayed properly, it shows up in the wrong place for Transfer since the '/'
is only required if Tech is present.
(related to issue ASTERISK-18168)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@361040 65c4cc65-6c06-0410-ace0-fbb531ad65f3
