From 999d96d40525ca6bacb53fb09b1686fa260dd23d Mon Sep 17 00:00:00 2001
From: Matthew Jordan <mjordan@digium.com>
Date: Wed, 4 Mar 2015 18:52:10 +0000
Subject: translate: Prevent invalid memory accesses on fast shutdown

When a 'core restart now' or 'core stop now' is executed and a channel is
currently in a media operation, the translator matrix can be destroyed while a
channel is currently blocked on getting the best translation choice
(see ast_translator_best_choice). When the channel gets the mutex, the
translation matrix now has invalid memory, and Asterisk crashes.

This patch does two things:
(1) We now only clean up the translation matrix on a graceful shutdown. In that
    case, there are no channels, and so there is no risk of this occurring.
(2) We also now set the __matrix and __indextable to NULL. In some initial
    backtraces when this occurred, it looked as if there was a memory corruption
    occurring, and it wasn't until we determined that something had restarted
    Asterisk that the issue became clear. By setting these to NULL on shutdown,
    it becomes a bit easier to determine why a crash is occurring.

Note that we could litter the code with NULL checks on the __matrix, but the
act of making the translation matrix cleaned up on shutdown should preclude
this issue from occurring in the first place, and this part of the code needs
to be as fast as possible.

Review: https://reviewboard.asterisk.org/r/4457/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@432453 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 main/translate.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/main/translate.c b/main/translate.c
index 72abb59eb..bb07d50ab 100644
--- a/main/translate.c
+++ b/main/translate.c
@@ -1484,7 +1484,9 @@ static void translate_shutdown(void)
 		ast_free(__matrix[x]);
 	}
 	ast_free(__matrix);
+	__matrix = NULL;
 	ast_free(__indextable);
+	__indextable = NULL;
 	ast_rwlock_unlock(&tablelock);
 	ast_rwlock_destroy(&tablelock);
 }
@@ -1495,6 +1497,6 @@ int ast_translate_init(void)
 	ast_rwlock_init(&tablelock);
 	res = matrix_resize(1);
 	res |= ast_cli_register_multiple(cli_translate, ARRAY_LEN(cli_translate));
-	ast_register_atexit(translate_shutdown);
+	ast_register_cleanup(translate_shutdown);
 	return res;
 }
-- 
cgit v1.2.3