Summary: ASTERISK-04717: LEN() function seems to segfault asterisk when used with big variables
Reporter: Benjamin Lawetz (benthos)
Labels:
Date Opened: 2005-07-28 08:43:26
Date Closed: 2011-06-07 14:10:05
Priority: Minor
Regression?: No
Status: Closed/Complete
Components: Core/General
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: ( 0) lenfix.patch
Description: When using the LEN() function in a complex dialplan with long variables (200+ characters) asterisk segfaults. Problem disappears when compiling with valgrind.

****** ADDITIONAL INFORMATION ******

at pbx.c:846
cp3[len-len_len-1]='\0';
cp3 is defined as: char cp3[80];
and len is the size of the variable. So when we write the '\0' in cp3, we write it outside of the cp3 definition if the string length is longer than 85.

Getting rid of all of the cp3 and just putting in workspace ((int)strlen(var)-5) gives, if I'm not mistaken, the same result without the cp3 size restriction (and bug).
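
The out-of-bounds write described above, as an added C example that is not the Asterisk source or the attached lenfix.patch: it computes the index the quoted statement would write to and shows a bounded alternative along the lines of the strlen(var)-5 suggestion. It assumes var holds the whole LEN(...) expression and len_len is 4; the function names and the test input are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define CP3_SIZE 80  /* char cp3[80], as quoted in the report */
#define LEN_LEN  4   /* assumption: strlen("LEN("), implied by strlen(var)-5 */

/* Build the constructed test input "LEN(" + n_arg 'A's + ")" in buf. */
static void make_expr(char *buf, size_t n_arg)
{
    memcpy(buf, "LEN(", LEN_LEN);
    memset(buf + LEN_LEN, 'A', n_arg);
    memcpy(buf + LEN_LEN + n_arg, ")", 2);
}

/* Index that cp3[len-len_len-1]='\0' writes to, with len = strlen(var). */
static long reported_write_index(const char *var)
{
    return (long)strlen(var) - LEN_LEN - 1;
}

/* 1 if that index falls outside a CP3_SIZE-byte array, else 0. */
static int write_is_out_of_bounds(const char *var)
{
    long idx = reported_write_index(var);
    return idx < 0 || idx >= CP3_SIZE;
}

/* Bounded form: measure the argument in place instead of copying it.
 * Returns 0 and the decimal length in workspace, or -1 on malformed
 * input or if the digits do not fit in wsize bytes. */
static int len_function(const char *var, char *workspace, size_t wsize)
{
    size_t len = strlen(var);
    int n;
    if (len < LEN_LEN + 1 || strncmp(var, "LEN(", LEN_LEN) != 0 || var[len - 1] != ')')
        return -1;
    n = snprintf(workspace, wsize, "%zu", len - LEN_LEN - 1);
    return (n < 0 || (size_t)n >= wsize) ? -1 : 0;
}

int main(void)
{
    char expr[512], ws[16];
    make_expr(expr, 200);  /* 200+ characters, as in the report */
    if (len_function(expr, ws, sizeof ws) == 0)
        printf("LEN=%s index=%ld out_of_bounds=%d\n", ws,
               reported_write_index(expr), write_is_out_of_bounds(expr));
    return 0;
}
```
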
Comments:

By: Clod Patry (junky) 2005-07-28 08:52:29

changed version on request.

By: Olle Johansson (oej) 2005-07-28 08:55:34

Which platform (O/S, distribution)?
Tell us more about the system. Can you give us a short dialplan where this happens?

Does it happen with CVS head or only stable?

By: Benjamin Lawetz (benthos) 2005-07-28 09:06:37

Gentoo 2.6.11
Unfortunately I haven't been able to reproduce it with a short dialplan, and I can't release the full dialplan.

This does not happen in CVS head.

By: Michael Jerris (mikej) 2005-07-28 09:11:21

Moving this to pending stable as it is a stable only bug according to benthos.

By: Russell Bryant (russell) 2005-07-28 11:56:21

give this patch a try

By: Benjamin Lawetz (benthos) 2005-07-28 13:27:57

Works great!

And len() can now return values up to 4090 (instead of 79)

By: Russell Bryant (russell) 2005-08-26 11:38:57

I put this in a long time ago :)

By: Digium Subversion (svnbot) 2008-01-15 15:43:06.000-0600

Repository: asterisk
Revision: 6240

U   branches/v1-0/pbx.c

------------------------------------------------------------------------
r6240 | russell | 2008-01-15 15:43:05 -0600 (Tue, 15 Jan 2008) | 2 lines

fix potential seg fault when using LEN() with a string greater than 80 characters (bug ASTERISK-4717)

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=6240