Summary: ASTERISK-04443: Data Buffer Size Exceeded! leads to crash
Reporter: Trevor Peirce (trev)
Labels:
Date Opened: 2005-06-19 06:00:54
Date Closed: 2008-01-15 15:38:40.000-0600
Priority: Critical
Regression?: No
Status: Closed/Complete
Components: Core/General
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:
Description:

While preparing to update asterisk to the latest/greatest, I issued a stop when convenient and was presented with a crash after a brief pause.

Looking at the backtrace, it seems this happened because the call length was too long and overflowed a buffer.  That's my guess anyway, I don't quite understand enough...

I'll be glad to provide any more information from the backtrace, but I don't think this is something I'll be able to reproduce on demand.

****** ADDITIONAL INFORMATION ******

(gdb) bt full
#0  0x00764b47 in strftime_l () from /lib/tls/libc.so.6
No symbol table info available.
#1  0x00764ac1 in strftime () from /lib/tls/libc.so.6
No symbol table info available.
#2  0x08055aa0 in ast_log (level=4, file=0x80eba71 "cdr.c", line=370, function=0x80ebb10 "ast_cdr_serialize_variables",
   fmt=0x80e9154 "Data Buffer Size Exceeded!\n") at logger.c:699
       chan = (struct logchannel *) 0x644bae0
       buf = "Data Buffer Size Exceeded!\n\000R\033[0;37;40m[24225]: \033[1;37;40mcdr.c\033[0;37;40m:\033[1;37;40m370\033[0;37;40m \033[1;37;40mast_cdr_serialize_variables\033[0;37;40m: \000\000\000\000\000�\177\000D\006&ASTERISK-1330;D\006\200D\006�\000&ASTERISK-1330;D\006u�016\bD\006D\006\000\000\000\000\001\200"...
       t = 1119174570
       tm = {tm_sec = 30, tm_min = 49, tm_hour = 2, tm_mday = 19, tm_mon = 5, tm_year = 105, tm_wday = 0, tm_yday = 169, tm_isdst = 1,
 tm_gmtoff = -25200, tm_zone = 0x89e6578 "PDT"}
       date = "Jun 19 02:49:30", '\0' <repeats 37 times>, "($\177\000&#65533;", '\0' <repeats 84 times>, "\004Et\000\000\000\000\000\000\000\000\000&#65533;\177\000&ASTERISK-1076;D\006D\006\002\000\000\000\002\000\000\000D\006&#65533;0\000\000\000\000&#65533;\006&#65533;\177\000\016\b&#65533;\006D\006`s\000&ASTERISK-1076;D\006\016\b\bD\006D\006\000\000\000\000pD\006/\002q\000&#65533;\177\000D\006D\006\000\000\000"
#3  0x08098a25 in ast_cdr_serialize_variables (cdr=0x8adcc10,
   buf=0x644de70 "level 1: clid=\"Modified Names\" <2505551234>\nlevel 1: src=2505551234\nlevel 1: dst=95554321\nlevel 1: dcontext=clients_sip\nlevel 1: channel=SIP/clients723-e5db\nlevel 1: lastapp=ForkCDR\nlevel 1: start=200"..., size=2048, delim=61 '=', sep=10 '\n', recur=1) at cdr.c:370
       variables = (struct ast_var_t *) 0x80eba71
       var = 0x23 ""
       val = 0x80e9154 "Data Buffer Size Exceeded!\n"
       tmp = 0x644dbb0 "\"Modified Names\" <2505551234>"
       workspace = "\"Modified Names\" <2505551234>\000\t&#65533;\177\000\200\001\000\000\201\001\000\000&#65533;\006\202s\000pR\t\201\001\000\000&#65533;D\006\030`3\t\000\000\000\000\200\001\000\000\000\200pR\t\235S\tpR\tpR\t&#65533;\t,U\tpR\t,U\t", '\0' <repeats 48 times>, "t\203t\000\200&#65533;177\000\231&#65533;\000I\000\000\000x&#65533;\006i\220y\000A\001\000\000&#65533;\t@\001\000\000&#65533;\t`\a\200\000&#65533;\177\000`\a\200\000pR\t&#65533;\006+\227t\000`\a\200\000pR\t0\000"...
       total = 81
       x = 35
       i = 135182961
       cdrcols = {0x80eba77 "clid", 0x80eba7c "src", 0x80eba80 "dst", 0x80eba84 "dcontext", 0x80e99af "channel", 0x80eba8d "dstchannel",
 0x80eba98 "lastapp", 0x80ebaa0 "lastdata", 0x80eff2a "start", 0x80f0b89 "answer", 0x80f6ab8 "end", 0x80ebab5 "duration", 0x80ebabe "billsec",
 0x80ebc4f "disposition", 0x80ebac6 "amaflags", 0x80ebacf "accountcode", 0x80ebadb "uniqueid", 0x80ebae4 "userfield"}
#4  0x0808dc7c in handle_showchan (fd=808792636, argc=825503799, argv=0x644de70) at cli.c:736
       c = (struct ast_channel *) 0x8a78568
       now = {tv_sec = 1119174570, tv_usec = 858579}
       buf = "level 1: clid=\"Modified Names\" <2505551234>\nlevel 1: src=2505551234\nlevel 1: dst=95554321\nlevel 1: dcontext=clients_sip\nlevel 1: channel=SIP/clients723-e5db\nlevel 1: lastapp=ForkCDR\nlevel 1: start=200"...
       cdrtime = "150h18m58s", '\0' <repeats 245 times>
       elapsed_seconds = 135252992
       hour = 1
       sec = 1954112105
ASTERISK-1  0x2022656e in ?? ()
No symbol table info available.
ASTERISK-2  0x3035323c in ?? ()
No symbol table info available.
ASTERISK-3  0x31343037 in ?? ()
No symbol table info available.
ASTERISK-4  0x3e383334 in ?? ()
No symbol table info available.
ASTERISK-5  0x656c0a0a in ?? ()
No symbol table info available.
ASTERISK-6 0x206c6576 in ?? ()
No symbol table info available.
ASTERISK-7 0x63203a38 in ?? ()
(we go up to ASTERISK-328 with similar output to the last several)
Comments:

By: Kevin P. Fleming (kpfleming) 2005-06-20 19:37:40

The only place those messages appear in the source tree is in some functions called by the 'show channel' CLI command, so something on your system must have called it during the time you were shutting down.

In any case, I have reworked the code in those functions to make them slightly safer in the case of a potential buffer overflow, so please retest. If there is still a reproducible problem, you can reopen this bug. Thanks!

By: Digium Subversion (svnbot) 2008-01-15 15:38:40.000-0600

Repository: asterisk
Revision: 5944

U   trunk/cdr.c
U   trunk/pbx.c

------------------------------------------------------------------------
r5944 | kpfleming | 2008-01-15 15:38:40 -0600 (Tue, 15 Jan 2008) | 2 lines

use ast_build_string() to build strings into buffers, and general cleanup of variable serializing functions used by 'show channel' (bug ASTERISK-4443)

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=5944
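
The fix comment and commit message above describe building strings into a fixed buffer through a helper that tracks how much room is left. The following is an added example of that pattern, not Asterisk's code and not the contents of r5944: `build_string`, `serialize_vars`, `struct kv` and `SAMPLE` are hypothetical names, and dropping a record that does not fit is this example's own choice.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Asterisk source): append at *buf, advance *buf and
 * shrink *space. Returns -1, cursor unchanged, if text plus NUL does not fit. */
static int build_string(char **buf, size_t *space, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(*buf, *space, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= *space)
        return -1;
    *buf += n;
    *space -= (size_t)n;
    return 0;
}

struct kv { const char *key, *val; };
/* Constructed sample, using field values visible in the backtrace. */
static const struct kv SAMPLE[] = {
    { "clid", "\"Modified Names\" <2505551234>" },
    { "src", "2505551234" }, { "dst", "95554321" },
};

/* Write "level N: key<delim>val<sep>" records into out[size]; returns how many
 * were written whole. A record that does not fit is dropped entirely. */
static int serialize_vars(const struct kv *vars, int count, int level,
                          char *out, size_t size, char delim, char sep)
{
    char *cur = out;
    size_t space = size;
    int i;

    if (size == 0)
        return 0;
    out[0] = '\0';
    for (i = 0; i < count; i++) {
        char *mark = cur;           /* start of this record */
        if (build_string(&cur, &space, "level %d: %s%c%s%c", level,
                         vars[i].key, delim, vars[i].val, sep)) {
            *mark = '\0';           /* cut the partial record off */
            break;
        }
    }
    return i;
}
```

Because every append goes through the same cursor and remaining-space pair, no write can land past `out + size - 1`, and the caller learns from the return value that the output was cut short.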