Crash during session destruction: invalid channel variable pointer in switch_event_add_header_string()

**Describe the bug**
FreeSWITCH crashes during session destruction when firing SWITCH_EVENT_CHANNEL_DESTROY.
The crash occurs in my_dup() due to an invalid string pointer passed from a channel variable, suggesting a use-after-free / invalid lifetime of a channel variable value.

**To Reproduce**
Steps to reproduce the behavior:

1. just originate a lot
2. FreeSWITCH crashes

**Expected behavior**
Guarantee that channel variable values remain valid until after
SWITCH_EVENT_CHANNEL_DESTROY

**Package version or git hash**
        • Version  1.10.12
	•	OS: Linux x86_64
	•	libc: glibc
	•	Crash reproducible under real call load



**Trace logs**


**backtrace from core file**
If applicable, provide the full backtrace from the core file.
```

[backtrace.log](https://github.com/user-attachments/files/24794322/backtrace.log)

```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Crash during session destruction: invalid channel variable pointer in switch_event_add_header_string() #2981

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Crash during session destruction: invalid channel variable pointer in switch_event_add_header_string() #2981

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions