Opened 8 years ago

Closed 8 years ago

#1903 closed defect (fixed)

Crash when cleaning STUN response cache

Reported by: riza
Owned by: bennylp
Priority: normal
Milestone: release-2.5
Component: pjnath
Version: trunk
Keywords:
Cc:
Backport to 1.x milestone:
Backported: no

Description

The crash can be seen when using Asterisk 11+ in a very small number of calls (1 in 10,000) and can also be seen as 100% CPU utilisation in some cases.

It seems to have started due to an optimisation in Chrome 47+ which
triggers this timing-related problem.
In the STUN engine, a retransmit cache is maintained in sess->cached_response_list. When this linked-list of data is modified, the relevant lock sess->grp_lock is held in all places except one.

A cache expiry timer is set on the above list, which fires on_cache_timeout() to clean the cache. This function does not get the group lock before trying to empty the list.

Thanks to Steve Davies for the report and patch
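
The locking rule stated in the description, as an added example that is neither pjnath code nor the committed patch: a pthread mutex stands in for sess->grp_lock, and `session`, `cache_response`, `expire_one` and `run_demo` are hypothetical names. A sender thread appends to the cache list while the timer path unlinks from it, and both take the same lock before touching the list.

```c
#include <pthread.h>
#include <stdlib.h>
#define N 100000 /* constructed workload size */
typedef struct entry { struct entry *prev, *next; } entry;
typedef struct {
    pthread_mutex_t lock; /* stands in for sess->grp_lock (assumption) */
    entry head;           /* sentinel of the cached-response list */
    int count;
} session;

/* Send path: appends a cached response while holding the lock. */
static void cache_response(session *s) {
    entry *e = malloc(sizeof *e);
    if (!e) return;
    pthread_mutex_lock(&s->lock);
    e->prev = s->head.prev; e->next = &s->head;
    s->head.prev->next = e; s->head.prev = e;
    s->count++;
    pthread_mutex_unlock(&s->lock);
}

/* Timer path (the role of on_cache_timeout()): takes the SAME lock before
 * unlinking, so it never sees a half-linked entry. Returns 1 if one expired. */
static int expire_one(session *s) {
    entry *e = NULL;
    pthread_mutex_lock(&s->lock);
    if (s->head.next != &s->head) {
        e = s->head.next;
        e->prev->next = e->next; e->next->prev = e->prev;
        s->count--;
    }
    pthread_mutex_unlock(&s->lock);
    int expired = (e != NULL);
    free(e);
    return expired;
}
static void *sender(void *arg) {
    for (int i = 0; i < N; i++) cache_response(arg);
    return NULL;
}
/* Runs sender and timer concurrently; returns entries left (0) or -1 on damage. */
int run_demo(void) {
    session s = { .count = 0 }; pthread_t t; int expired = 0;
    pthread_mutex_init(&s.lock, NULL);
    s.head.prev = s.head.next = &s.head;
    if (pthread_create(&t, NULL, sender, &s) != 0) return -1;
    for (int i = 0; i < N; i++) expired += expire_one(&s);
    pthread_join(t, NULL);
    while (expire_one(&s)) expired++;
    return (expired == N && s.head.next == &s.head) ? s.count : -1;
}
int main(void) { return run_demo() != 0; }
```

Removing the lock and unlock calls from `expire_one` reproduces the unsynchronised timer path the ticket describes; ThreadSanitizer (`-fsanitize=thread`) then reports the data race on the list pointers.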

Change History (2)

comment:1 Changed 8 years ago by riza

In 5233:

Re #1903: Fix crash when cleaning STUN response cache.

comment:2 Changed 8 years ago by riza

  • Resolution set to fixed
  • Status changed from new to closed