Summary:ASTERISK-00194: [patch] using disa with a sip client causes seg fault
Reporter:djs (djs)Labels:
Date Opened:2003-08-29 00:32:37Date Closed:2008-01-15 14:33:34.000-0600
Versions:Frequency of
Environment:Attachments:( 0) disa.patch
Description:when connecting to * from sip client and then running the disa app asterisk crashes.  source of crash is in apps/app_disa.c in
func disa_exec.  tone_block is passed to ast_write without having any extra space at the head.  this causes the following  two lines to overwrite data:

rtpheader = (unsigned int *)(f->data - hdrlen);
       rtpheader[0] = htonl((2 << 30) | (codec << 16) | (rtp->seqno++) | (mark << 23));


source of the problem is in apps/app_disa.c.  tone_block is passed to ast_write without having any extra space at the head.  concequently in rtp.c ~line 956, other data, whatever happens to be 12 bytes before tone_block gets overwritten.  in my case f->data was getting overwritten with the first word of the rtp header.
Comments:By: Mark Spencer (markster) 2003-09-01 10:37:56

Patch didn't apply, bug fix in CVS.

By: Digium Subversion (svnbot) 2008-01-15 14:33:34.000-0600

Repository: asterisk
Revision: 1453

U   trunk/apps/app_disa.c

r1453 | markster | 2008-01-15 14:33:33 -0600 (Tue, 15 Jan 2008) | 2 lines

Fix DISA to actually have header it advertises (bug ASTERISK-194)