
Summary: ASTERISK-08892: [patch] check for frame before duping it
Reporter: cmaj (cmaj)
Labels:
Date Opened: 2007-02-26 22:37:33.000-0600
Date Closed: 2007-06-30 09:20:06
Priority: Critical
Regression?: No
Status: Closed/Complete
Components: Applications/app_chanspy
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: ( 0) frame.c.do-not-dupe-null-frames.patch
Description: I was trying to use ChanSpy with the 'w' whisper mode option, and I was getting core dumps after a couple of seconds of spying on a Zap channel that was listening to MusicOnHold. Attached is a patch to the frame.c ast_frdup function to check for null frames. That stopped the core dumps for me.

Here's the dump:

#0  ast_frdup (f=0x0) at frame.c:431
431             len = sizeof(*out) + AST_FRIENDLY_OFFSET + f->datalen;
(gdb) bt
#0  ast_frdup (f=0x0) at frame.c:431
#1  0x080de963 in ast_slinfactory_feed (sf=0x823ea50, f=0x82491e0) at slinfactory.c:77
#2  0x0807fc84 in ast_channel_whisper_feed (chan=0x8238c80, f=0x82491e0) at channel.c:4688
#3  0xb72080e2 in channel_spy (chan=0x818d6e8, spyee=0x8238c80, volfactor=0xb6f7c2a8, fd=0, flags=0xb6f7c2f4) at app_chanspy.c:334
#4  0xb7207a15 in common_exec (chan=0x818d6e8, flags=0xb6f7c2f4, volfactor=0, fd=0, mygroup=0x0, spec=0xb6f7c2c0 "Zap", exten=0x0, context=0x0) at app_chanspy.c:531
#5  0xb7206fcb in chanspy_exec (chan=0x818d6e8, data=0x8246688) at app_chanspy.c:626
#6  0x080bcc02 in pbx_extension_helper (c=0x818d6e8, con=0x0, context=0x818d868 "bosses", exten=0x818d8b8 "601", priority=1, label=0x0,
   callerid=0x818e090 "5558675309", action=E_MATCHMORE) at pbx.c:505
#7  0x080bd821 in __ast_pbx_run (c=0x818d6e8) at pbx.c:2245
#8  0x080be6a1 in pbx_thread (data=0x0) at pbx.c:2556
#9  0x080eb419 in dummy_start (data=0x0) at utils.c:545
#10 0xb7fb7b63 in start_thread () from /lib/tls/libpthread.so.0
#11 0xb7e1f18a in clone () from /lib/tls/libc.so.6


****** ADDITIONAL INFORMATION ******

This is a fresh download of Asterisk 1.4 tarball.
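
In the backtrace above, frame #1 holds a non-NULL f while frame #0 receives f=0x0, so the pointer passed to ast_frdup was not the frame the caller itself received. The following is an added example, not the attached patch and not Asterisk code, that models this pattern: the duplication routine rejects NULL and the feed path treats a missing copy as "nothing queued". All demo_* names, DEMO_OFFSET and the conversion step that can return NULL are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define DEMO_OFFSET 64          /* stand-in for AST_FRIENDLY_OFFSET (assumed value) */

struct demo_frame {
    int format;                 /* 0 = already linear, 1 = needs conversion */
    size_t datalen;
    unsigned char *data;
};

/* Duplicate a frame into a single allocation; NULL in gives NULL out. */
struct demo_frame *demo_frdup(const struct demo_frame *f)
{
    struct demo_frame *out;

    if (!f)                     /* guards the f=0x0 case seen in frame #0 */
        return NULL;
    if (f->datalen && !f->data) /* a length without a buffer is also unusable */
        return NULL;
    out = calloc(1, sizeof(*out) + DEMO_OFFSET + f->datalen);
    if (!out)
        return NULL;
    out->format = f->format;
    out->datalen = f->datalen;
    out->data = (unsigned char *)(out + 1) + DEMO_OFFSET;
    if (f->datalen)
        memcpy(out->data, f->data, f->datalen);
    return out;
}

/* Hypothetical conversion step: it may have no output for a given input. */
static const struct demo_frame *demo_convert(const struct demo_frame *f)
{
    return f->format == 0 ? f : NULL;
}

/* Feed path: returns 1 and stores a copy in *queued, or 0 if nothing was queued. */
int demo_feed(const struct demo_frame *f, struct demo_frame **queued)
{
    struct demo_frame *copy;

    *queued = NULL;
    if (!f)
        return 0;
    copy = demo_frdup(demo_convert(f)); /* the intermediate result can be NULL */
    if (!copy)
        return 0;
    *queued = copy;
    return 1;
}
```

The guard in demo_frdup stops the crash, while the check in demo_feed keeps the caller from queuing or dereferencing a copy that was never made.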
Comments:

By: Serge Vecher (serge-v) 2007-02-27 10:32:50.000-0600

Does this happen on 1.4 svn? I'm thinking this may have been fixed by 8434.

By: cmaj (cmaj) 2007-02-27 10:49:49.000-0600

Possibly. I will wait until the 1.4.1 tarball before testing, though. This is on a production server.

By: Joshua C. Colp (jcolp) 2007-02-27 14:15:29.000-0600

1.4 SVN is what is going to become 1.4.1, but if you want to wait that's fine.

By: cmaj (cmaj) 2007-03-02 20:20:15.000-0600

I just tried 1.4.1 and it still crashes without my patch.  The patch now applies with only a little fuzz.



By: Joshua C. Colp (jcolp) 2007-03-04 22:21:23.000-0600

Fixed in 1.4 as of revision 57798 and trunk as of revision 57799. Thanks!