Summary: | ASTERISK-08114: Asterisk segfault when trying to include dialplan file with a macro | ||
Reporter: | Julien Goodwin (julieng) | Labels: | |
Date Opened: | 2006-11-11 00:30:41.000-0600 | Date Closed: | 2006-11-13 13:22:52.000-0600 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Core/General |
Versions: | | Frequency of Occurrence: | |
Related Issues: | | | |
Environment: | | Attachments: | |
Description: | Asterisk segfault when trying to include dialplan file with a macro

****** ADDITIONAL INFORMATION ******

#0  0x40312363 in strlen () from /lib/tls/libc.so.6
#1  0x0808911f in config_text_file_load (database=0xbfffc550 "??\021\b\006", table=0xbfffc450 "?\202\030\b\017", filename=0xbfffcdfa "dialplan/macros.conf", cfg=0x81986e0, withcomments=0) at config.c:99
#2  0x080879be in ast_config_internal_load (filename=0xbfffcdfa "dialplan/macros.conf", cfg=0x813c25c, withcomments=0) at config.c:1264
#3  0x08089cab in process_text_line (cfg=0x81986e0, cat=0xbfffcb5c, buf=0xbfffc6d0 "", lineno=22, configfile=0x40a2cea0 "extensions.conf", withcomments=0) at config.c:715
#4  0x080890ef in config_text_file_load (database=0xbffff040 "?N<@@e\001@)e0@?N<@/etc", table=0xbfffef40 "x????", filename=0x40a2cea0 "extensions.conf", cfg=0x81986e0, withcomments=0) at config.c:916
#5  0x080879be in ast_config_internal_load (filename=0x40a2cea0 "extensions.conf", cfg=0x813c25c, withcomments=0) at config.c:1264
#6  0x08088590 in ast_config_load (filename=0x0) at config.c:1281
#7  0x40a2b33d in pbx_load_config (config_file=0x0) at pbx_config.c:1341
#8  0x40a2ca71 in load_module () at pbx_config.c:1594
#9  0x0809fee6 in load_resource (resource_name=0x8170e28 "pbx_config.so", global_symbols_only=1084412832) at loader.c:631
#10 0x0809f090 in load_modules (preload_only=0) at loader.c:816
#11 0x08068b15 in main (argc=-1073743600, argv=0xbffffb14) at asterisk.c:2723 | ||
Comments: | By: Julien Goodwin (julieng) 2006-11-11 00:37:53.000-0600

Crash is caused by a call to strlen somewhere in config_text_file_load. Strlen is called a few times in that function:
* 861 - memmove(comment_p - 1, comment_p, strlen(comment_p) + 1);
* 884 - oldptr = process_buf + strlen(process_buf);
* 890 - memmove(oldptr, new_buf, strlen(new_buf) + 1);

It also appears it's a formatting error and otherwise unrelated to the file containing a macro.

By: Julien Goodwin (julieng) 2006-11-11 01:18:51.000-0600

This line (in extensions.conf):

exten => test,1,noop>--------; Test

causes this backtrace:

#0  0x40312363 in strlen () from /lib/tls/libc.so.6
#1  0x08089cdf in config_text_file_load (database=0xbffff040 "?N<@@e\001@)e0@`C7@?C<@", table=0xbfffef40 "x????", filename=0x40a2ff80 "extensions.conf", cfg=0x819a6c8, withcomments=0) at config.c:99
#2  0x0808851e in ast_config_internal_load (filename=0x40a2ff80 "extensions.conf", cfg=0x813e0fc, withcomments=0) at config.c:1264
#3  0x08089135 in ast_config_load (filename=0x0) at config.c:1281
#4  0x40a2e3e3 in pbx_load_config (config_file=0x0) at pbx_config.c:1341
#5  0x40a2fb27 in load_module () at pbx_config.c:1594
#6  0x080a1226 in load_resource (resource_name=0x8172e28 "pbx_config.so", global_symbols_only=1084425344) at loader.c:631
#7  0x080a0390 in load_modules (preload_only=0) at loader.c:816
#8  0x08068f8a in main (argc=-1073743600, argv=0xbffffb14) at asterisk.c:2723

The bug appears to be in the function CB_ADD(char *str), specifically line 99 of config.c, where it calls strlen(comment_buffer) without checking that comment_buffer isn't null. Later in that function (after the ast_realloc call) the function simply returns if the buffer isn't allocated, and duplicating that call at the start of the function stops the crash.

By: Steve Murphy (murf) 2006-11-13 13:21:59.000-0600

The problem was that the CB_ADD routine should not be called if withcomments==0. This is my doing; I made a minor update to the surrounding "if" to fix it, and this problem should be solved. I committed this fix to 1.4 via r47576, and trunk via r47577.

By: Steve Murphy (murf) 2006-11-13 13:22:51.000-0600

With fixes in 1.4 and trunk, this bug is closeable. |
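The following C program is an added illustration of the failure mode discussed in this thread; it is not Asterisk's code, and the names cb_buffer, cb_add and parse_line, along with the simplified rule that everything after the first ';' is a comment, are this example's own assumptions. The comment buffer stays NULL until the first append, which is the state strlen() was handed in the crash. cb_add treats a NULL buffer as empty (the reporter's workaround), and parse_line only calls it when withcomments is set (the committed fix), so either guard on its own would avoid the segfault. The reporter's trigger line from the thread is used as the sample input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical comment accumulator. buf is NULL until the first append,
 * exactly the state that made strlen(comment_buffer) fault in the report. */
struct cb_buffer {
    char *buf;
    size_t len;
    size_t cap;
};

/* Append str to the comment buffer. A NULL buf is treated as an empty
 * buffer and allocated on first use, so strlen() is never called on it.
 * Returns 0 on success, -1 on allocation failure. */
int cb_add(struct cb_buffer *cb, const char *str)
{
    size_t add = strlen(str);

    if (cb->buf == NULL) {
        cb->cap = add + 64;
        cb->buf = malloc(cb->cap);
        if (cb->buf == NULL)
            return -1;
        cb->buf[0] = '\0';
        cb->len = 0;
    } else if (cb->len + add + 1 > cb->cap) {
        size_t ncap = (cb->len + add + 1) * 2;
        char *n = realloc(cb->buf, ncap);
        if (n == NULL)
            return -1;
        cb->buf = n;
        cb->cap = ncap;
    }
    memcpy(cb->buf + cb->len, str, add + 1);   /* copies the terminator too */
    cb->len += add;
    return 0;
}

void cb_free(struct cb_buffer *cb)
{
    free(cb->buf);
    cb->buf = NULL;
    cb->len = cb->cap = 0;
}

/* Split one config line at the first ';' into content and trailing comment.
 * The content, with the comment and trailing blanks stripped, is written to
 * out. The comment text is handed to cb_add only when withcomments is set,
 * which is the guard the fix put around the CB_ADD call. Returns 0 on
 * success, -1 if out is too small or the append failed. */
int parse_line(const char *line, int withcomments, struct cb_buffer *cb,
               char *out, size_t outsz)
{
    const char *semi = strchr(line, ';');
    size_t n = semi ? (size_t)(semi - line) : strlen(line);

    while (n > 0 && (line[n - 1] == ' ' || line[n - 1] == '\t'))
        n--;
    if (n + 1 > outsz)
        return -1;
    memcpy(out, line, n);
    out[n] = '\0';

    if (semi && withcomments)           /* never touch the comment buffer otherwise */
        return cb_add(cb, semi + 1);
    return 0;
}

int main(void)
{
    struct cb_buffer cb = {0};
    char out[128];
    /* The trigger line quoted by the reporter. */
    const char *line = "exten => test,1,noop>--------; Test";

    /* withcomments=0: buffer stays NULL and is never dereferenced. */
    parse_line(line, 0, &cb, out, sizeof out);
    printf("content: '%s'  comments: %s\n", out, cb.buf ? cb.buf : "(none)");

    /* withcomments=1: first append allocates, later ones grow the buffer. */
    parse_line(line, 1, &cb, out, sizeof out);
    printf("content: '%s'  comments: '%s'\n", out, cb.buf);

    cb_free(&cb);
    return 0;
}
```

Run with withcomments=0 the buffer pointer stays NULL throughout, which is the path the 1.4 and trunk fixes restore; the NULL check inside cb_add is belt-and-braces for callers that forget the outer guard.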