From 92d18898137036a44064f73b1e73312c835ab989 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?D=C3=B6ms=C3=B6di=20Gergely?= <doome@uhusystems.com>
Date: Wed, 6 Mar 2019 14:20:09 +0100
Subject: [PATCH] app_queue: fix ring_entry to access nativeformats with a
 channel lock

Fixes an intermittent segmentation fault which occured when accessing
nativeformats of a channel which entered into a queue.

ASTERISK-27964
Reported by: Francisco Seratti

Change-Id: Ic87fa7a363f3b487c24ce07032f4b2201c22db9e
---
 apps/app_queue.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/apps/app_queue.c b/apps/app_queue.c
index 4c339cb606..e611a3a9f2 100644
--- a/apps/app_queue.c
+++ b/apps/app_queue.c
@@ -4341,6 +4341,7 @@ static int ring_entry(struct queue_ent *qe, struct callattempt *tmp, int *busies
 	char tech[256];
 	char *location;
 	const char *macrocontext, *macroexten;
+	struct ast_format_cap *nativeformats;
 	RAII_VAR(struct ast_json *, blob, NULL, ast_json_unref);
 
 	/* on entry here, we know that tmp->chan == NULL */
@@ -4357,8 +4358,13 @@ static int ring_entry(struct queue_ent *qe, struct callattempt *tmp, int *busies
 		location = "";
 	}
 
+	ast_channel_lock(qe->chan);
+	nativeformats = ao2_bump(ast_channel_nativeformats(qe->chan));
+	ast_channel_unlock(qe->chan);
+
 	/* Request the peer */
-	tmp->chan = ast_request(tech, ast_channel_nativeformats(qe->chan), NULL, qe->chan, location, &status);
+	tmp->chan = ast_request(tech, nativeformats, NULL, qe->chan, location, &status);
+	ao2_cleanup(nativeformats);
 	if (!tmp->chan) {			/* If we can't, just go on to the next call */
 		ao2_lock(qe->parent);
 		qe->parent->rrpos++;
-- 
GitLab