Ticket #1903 (closed defect: fixed)

Opened 3 years ago

Last modified 3 years ago

Crash when cleaning STUN response cache

Reported by: riza
Owned by: bennylp
Priority: normal
Milestone: release-2.5
Component: pjnath
Version: trunk
Keywords:
Cc:
Backport to 1.x milestone:
Backported: no

Description

The crash can be seen when using Asterisk 11+ in a very small number of calls (1 in 10,000) and can also be seen as a 100% CPU utilisation in some cases.

It seems to have started due to an optimisation in Chrome 47+ which triggers this timing-related problem. In the STUN engine, a retransmit cache is maintained in sess->cached_response_list. When this linked-list of data is modified, the relevant lock sess->grp_lock is held in all places except one.

A cache expiry timer is set on the above list, which fires on_cache_timeout() to clean the cache. This function does not get the group lock before trying to empty the list.

Thanks to Steve Davies for the report and patch
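The locking pattern described in this ticket, as an added example that is not pjnath code or the patch from changeset 5233: a constructed session model in which every list mutator checks that the lock is held, so a timer callback that skips the lock is refused instead of racing with other threads. The struct layout, the held flag and all function names other than on_cache_timeout are assumptions made for illustration.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

/* Constructed model of a STUN session; field names are illustrative. */
struct cached { struct cached *next; };

struct sess {
    pthread_mutex_t lock;   /* stands in for sess->grp_lock */
    atomic_int      held;   /* debug flag: 1 while some thread holds the lock */
    struct cached  *cache;  /* stands in for sess->cached_response_list */
};

void sess_init(struct sess *s) {
    pthread_mutex_init(&s->lock, NULL);
    atomic_init(&s->held, 0);
    s->cache = NULL;
}
void sess_lock(struct sess *s)   { pthread_mutex_lock(&s->lock); atomic_store(&s->held, 1); }
void sess_unlock(struct sess *s) { atomic_store(&s->held, 0); pthread_mutex_unlock(&s->lock); }

/* Mutators refuse to touch the list when nobody holds the lock.
 * The flag only detects "no holder"; it does not identify the owner. */
int cache_add_locked(struct sess *s) {
    if (!atomic_load(&s->held)) return -1;
    struct cached *c = malloc(sizeof *c);
    if (!c) return -1;
    c->next = s->cache;
    s->cache = c;
    return 0;
}
int cache_clear_locked(struct sess *s) {
    if (!atomic_load(&s->held)) return -1;
    int n = 0;
    while (s->cache) { struct cached *c = s->cache; s->cache = c->next; free(c); n++; }
    return n;  /* number of cached responses released */
}

/* Shape of the defect: the expiry callback empties the list without the lock. */
int on_cache_timeout_unlocked(struct sess *s) { return cache_clear_locked(s); }

/* Shape of the remedy the description implies: hold the lock during clean-up. */
int on_cache_timeout_fixed(struct sess *s) {
    sess_lock(s);
    int n = cache_clear_locked(s);
    sess_unlock(s);
    return n;
}
```

In a debug build the -1 return would typically be an assertion failure, which turns a 1-in-10,000 race into a deterministic test failure on the first unlocked call.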

Change History

comment:1 Changed 3 years ago by riza

In 5233:

Re #1903: Fix crash when cleaning STUN response cache.

comment:2 Changed 3 years ago by riza

  • Status changed from new to closed
  • Resolution set to fixed