From 854a6de819b8c14b7493fde28460eb4f9fb305e3 Mon Sep 17 00:00:00 2001 From: George Joseph <gjoseph@digium.com> Date: Fri, 16 Jun 2017 08:31:04 -0600 Subject: [PATCH] res_stasis: Plug reference leak on stolen channels When a stasis channel is stolen by another app, the control structure is unreffed but never unlinked from the app_controls container. This causes the channel reference to leak. Added OBJ_UNLINK to the callback in channel_stolen_cb. Also added some additional channel lifecycle debug messages to channel.c. ASTERISK-27059 #close Repoorted-by: George Joseph Change-Id: Ib820936cd49453f20156971785e7f4f182c56e14 --- main/channel.c | 9 ++++++++- res/res_stasis.c | 20 ++++++++++++++++---- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/main/channel.c b/main/channel.c index 1ca485e7ad..8b4dc75bec 100644 --- a/main/channel.c +++ b/main/channel.c @@ -998,6 +998,9 @@ __ast_channel_alloc_ap(int needqueue, int state, const char *cid_num, const char * the world know of its existance */ ast_channel_stage_snapshot_done(tmp); + + ast_debug(1, "Channel %p '%s' allocated\n", tmp, ast_channel_name(tmp)); + return tmp; } @@ -2217,6 +2220,8 @@ static void ast_channel_destructor(void *obj) char device_name[AST_CHANNEL_NAME]; ast_callid callid; + ast_debug(1, "Channel %p '%s' destroying\n", chan, ast_channel_name(chan)); + /* Stop monitoring */ if (ast_channel_monitor(chan)) { ast_channel_monitor(chan)->stop(chan, 0); @@ -2579,6 +2584,9 @@ void ast_hangup(struct ast_channel *chan) return; } + ast_debug(1, "Channel %p '%s' hanging up. Refs: %d\n", chan, ast_channel_name(chan), + ao2_ref(chan, 0)); + ast_autoservice_stop(chan); ast_channel_lock(chan); @@ -2638,7 +2646,6 @@ void ast_hangup(struct ast_channel *chan) ast_assert(ast_test_flag(ast_channel_flags(chan), AST_FLAG_BLOCKING) == 0); } - ast_debug(1, "Hanging up channel '%s'\n", ast_channel_name(chan)); if (ast_channel_tech(chan)->hangup) { ast_channel_tech(chan)->hangup(chan); } diff --git a/res/res_stasis.c b/res/res_stasis.c index 9ea0d63fea..899c8f720a 100644 --- a/res/res_stasis.c +++ b/res/res_stasis.c @@ -1069,8 +1069,18 @@ static void channel_stolen_cb(void *data, struct ast_channel *old_chan, struct a { struct stasis_app_control *control; - /* find control */ - control = ao2_callback(app_controls, 0, masq_match_cb, old_chan); + /* + * At this point, old_chan is the channel pointer that is in Stasis() and + * has the unknown channel's name in it while new_chan is the channel pointer + * that is not in Stasis(), but has the guts of the channel that Stasis() knows + * about. + * + * Find and unlink control since the channel has a new name/uniqueid + * and its hash has changed. Since the channel is leaving stasis don't + * bother putting it back into the container. Nobody is going to + * remove it from the container later. + */ + control = ao2_callback(app_controls, OBJ_UNLINK, masq_match_cb, old_chan); if (!control) { ast_log(LOG_ERROR, "Could not find control for masqueraded channel\n"); return; @@ -1111,8 +1121,10 @@ static void channel_replaced_cb(void *data, struct ast_channel *old_chan, struct return; } - /* find, unlink, and relink control since the channel has a new name and - * its hash has likely changed */ + /* + * Find, unlink, and relink control since the channel has a new + * name/uniqueid and its hash has changed. + */ control = ao2_callback(app_controls, OBJ_UNLINK, masq_match_cb, new_chan); if (!control) { ast_log(LOG_ERROR, "Could not find control for masquerading channel\n"); -- GitLab