
Summary: ASTERISK-04735: [patch] 'iax2 show channels' causes immediate segfault
Reporter: JG (john_94501)
Labels:
Date Opened: 2005-07-29 22:47:27
Date Closed: 2008-01-15 15:43:16.000-0600
Priority: Critical
Regression?: No
Status: Closed/Complete
Components: Core/General
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: ( 0) 20050730__bug4856.diff.txt
Description: When issuing the 'iax2 show channels' command to either the CLI on the main process, or through an 'asterisk -r' session, the main process will crash with a segfault immediately. It does not matter if there are any IAX2 channels in use or not.

****** ADDITIONAL INFORMATION ******

I am running on an IXP425 system using uClibc.

Debugging it revealed that it was possible for the iaxs array to contain non-zero elements that were not valid (random data). There did not appear to be anything clearing this array at initialisation time either. Adding a memset call under the place where the iaxsl mutex array is initialised that zeroes the whole of iaxs seems to fix it.
Comments:

By: Clod Patry (junky) 2005-07-29 22:56:21

We need gdb backtrace.

By: JG (john_94501) 2005-07-29 23:08:06

Backtrace is not very useful since it is taken from gdbserver and not very stable at the moment, but here is the useful part of it:

#0  iax2_show_channels (fd=13, argc=-1094713824, argv=0xb0000000) at chan_iax2.c:4299
#1  0x0003f390 in ast_cli_command (fd=13, s=0xbebffe20 "\uffff\uffff\uffff @\003%\200") at cli.c:1275

Here's the code at 4299:

4295                                    int lag, jitter, localdelay;
4296    #ifdef NEWJB
4297                                    jb_info jbinfo;
4298
4299                                    if(ast_test_flag(iaxs[x], IAX_USEJITTERBUF)) {
4300                                            jb_getinfo(iaxs[x]->jb, &jbinfo);
4301                                            jitter = jbinfo.jitter;
4302                                            localdelay = jbinfo.current - jbinfo.min;
4303                                    } else {
4304                                            jitter = -1;


The iaxs array contained this:

(gdb) print iaxs
$1 = {0x0 <repeats 39 times>, 0xb0000000, 0x0 <repeats 1023 times>, 0xb0000000, 0x0 <repeats 1023 times>, 0xb0000000,
 0x0 <repeats 1023 times>, 0xb0000000, 0x0 <repeats 1023 times>, 0xb0000000, 0x0 <repeats 1023 times>, 0xb0000000,
 0x0 <repeats 1023 times>, 0xb0000000, 0x0 <repeats 1023 times>, 0xb0000000, 0x0 <repeats 1023 times>, 0xb0000000,
 0x0 <repeats 1023 times>, 0xb0000000, 0x0 <repeats 1023 times>, 0xb0000000, 0x0 <repeats 1023 times>, 0xb0000000,
 0x0 <repeats 1023 times>, 0xb0000000, 0x0 <repeats 1023 times>, 0xb0000000, 0x0 <repeats 1023 times>, 0xb0000000,
 0x0 <repeats 1023 times>, 0xb0000000, 0x0 <repeats 1023 times>, 0xb0000000, 0x0 <repeats 1023 times>, 0xb0000000,
 0x0 <repeats 1023 times>...}

Note the non-zero values because the array was uninitialised. It would be nice if somebody could take a look at other modules that have large static arrays and make sure they are being zeroed too.

By: Tilghman Lesher (tilghman) 2005-07-30 01:18:16

It would be helpful to see if you could reproduce this on a system with a standard glibc, to see if this was related to a deficiency in uclibc.

By: JG (john_94501) 2005-07-30 01:58:58

No, I do not have a system with any other library available.

I would note though that it is basic good programming to make sure that your variables are initialised to something sensible before being used. For systems that are intended to run forever, it is best to use defensive techniques rather than rely on specific behaviours of external components, such as the dynamic loader, to initialise things for you.

By: Russell Bryant (russell) 2005-07-30 16:51:53

However, iaxs *is* initialized.  Look a little bit further down in load_module ...

       for (x=0;x<IAX_MAX_CALLS;x++)
               ast_mutex_init(&iaxsl[x]);

By: Tilghman Lesher (tilghman) 2005-07-30 17:03:42

drumkilla:  you missed the L.  iaxs, not iaxsl.

By: JG (john_94501) 2005-07-30 22:14:44

Just after that loop is where I added the memset() call to zero iaxs though. Seemed like a good place to be initialising it since it is related to the iaxsl array of mutexes.
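
The fault and the fix discussed in this thread, as an added C model that is not Asterisk's own code: a static call table with junk entries is walked the way iax2_show_channels walks iaxs, and the memset placed beside the iaxsl loop is what makes that walk safe. It assumes a small IAX_MAX_CALLS and constructed stand-ins for the call structure and the mutex type.

```c
/* Added model of the ticket's bug, not Asterisk code: iaxs is the static call
 * table that 'iax2 show channels' walks, dereferencing every non-NULL entry.
 * Struct/mutex types are constructed stand-ins; the real ones are larger. */
#include <string.h>

#define IAX_MAX_CALLS 16                  /* constructed: the real limit is larger */
#define IAX_USEJITTERBUF (1 << 0)         /* flag name from the listing in the ticket */
typedef struct { int inited; } ast_mutex_t;               /* stand-in, no threading lib */
static void ast_mutex_init(ast_mutex_t *m) { m->inited = 1; }
struct chan_iax2_pvt { unsigned int flags; };             /* constructed subset */
#define ast_test_flag(p, f) ((p)->flags & (f))

static struct chan_iax2_pvt *iaxs[IAX_MAX_CALLS];         /* must be all NULL at start */
static ast_mutex_t iaxsl[IAX_MAX_CALLS];                  /* one lock per slot */

/* Reproduce what the reporter saw: junk pointers in the call table before
 * load_module runs.  Written deliberately here so the fix can be checked. */
static void simulate_uninitialised_iaxs(void)
{
    for (int x = 0; x < IAX_MAX_CALLS; x += 3)
        iaxs[x] = (struct chan_iax2_pvt *)0xb0000000UL;   /* never dereferenced */
}

/* The load_module loop quoted in the ticket, plus the memset the patch adds. */
static void iax2_init_call_table(void)
{
    for (int x = 0; x < IAX_MAX_CALLS; x++)
        ast_mutex_init(&iaxsl[x]);
    memset(iaxs, 0, sizeof(iaxs));   /* the fix: every slot starts out NULL */
}

/* Count non-NULL slots without touching the pointees (safe even on junk). */
static int iax2_nonnull_slots(void)
{
    int n = 0;
    for (int x = 0; x < IAX_MAX_CALLS; x++)
        n += iaxs[x] != NULL;
    return n;
}

/* Mirrors the walk in iax2_show_channels: each non-NULL entry is dereferenced,
 * so it is only safe once the table has been zeroed.  Returns jitterbuf users. */
static int iax2_count_jitterbuf_calls(void)
{
    int n = 0;
    for (int x = 0; x < IAX_MAX_CALLS; x++)
        if (iaxs[x] && ast_test_flag(iaxs[x], IAX_USEJITTERBUF))
            n++;
    return n;
}
```

Calling iax2_count_jitterbuf_calls() between simulate_uninitialised_iaxs() and iax2_init_call_table() is exactly the crash from the ticket, which is why only the NULL-check counter is safe at that point.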

By: Russell Bryant (russell) 2005-07-31 02:24:41

d'oh ...

In that case, this looks like a perfectly logical patch to me.  :)

By: Russell Bryant (russell) 2005-08-01 10:43:14

fixed in cvs head and 1.0, thanks!

By: Digium Subversion (svnbot) 2008-01-15 15:43:16.000-0600

Repository: asterisk
Revision: 6252

U   branches/v1-0/channels/chan_iax2.c

------------------------------------------------------------------------
r6252 | russell | 2008-01-15 15:43:16 -0600 (Tue, 15 Jan 2008) | 2 lines

make sure iaxs gets initialized (bug ASTERISK-4735)

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=6252

By: Digium Subversion (svnbot) 2008-01-15 15:43:16.000-0600

Repository: asterisk
Revision: 6251

U   trunk/channels/chan_iax2.c

------------------------------------------------------------------------
r6251 | russell | 2008-01-15 15:43:15 -0600 (Tue, 15 Jan 2008) | 2 lines

make sure that iaxs gets initialized (bug ASTERISK-4735)

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=6251