Summary: | ASTERISK-00194: [patch] using disa with a sip client causes seg fault | ||
Reporter: | djs (djs) | Labels: | |
Date Opened: | 2003-08-29 00:32:37 | Date Closed: | 2008-01-15 14:33:34.000-0600 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Core/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) disa.patch | |
Description: | when connecting to * from sip client and then running the disa app asterisk crashes. source of crash is in apps/app_disa.c in func disa_exec. tone_block is passed to ast_write without having any extra space at the head. this causes the following two lines to overwrite data: rtpheader = (unsigned int *)(f->data - hdrlen); rtpheader[0] = htonl((2 << 30) | (codec << 16) | (rtp->seqno++) | (mark << 23)); ****** ADDITIONAL INFORMATION ****** source of the problem is in apps/app_disa.c. tone_block is passed to ast_write without having any extra space at the head. concequently in rtp.c ~line 956, other data, whatever happens to be 12 bytes before tone_block gets overwritten. in my case f->data was getting overwritten with the first word of the rtp header. | ||
Comments: | By: Mark Spencer (markster) 2003-09-01 10:37:56 Patch didn't apply, bug fix in CVS. By: Digium Subversion (svnbot) 2008-01-15 14:33:34.000-0600 Repository: asterisk Revision: 1453 U trunk/apps/app_disa.c ------------------------------------------------------------------------ r1453 | markster | 2008-01-15 14:33:33 -0600 (Tue, 15 Jan 2008) | 2 lines Fix DISA to actually have header it advertises (bug ASTERISK-194) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=1453 |