Summary: | ASTERISK-09242: Asterisk 1.4.2 crash in put_unaligned_uint32 | ||
Reporter: | dmb (dmb) | Labels: | |
Date Opened: | 2007-04-11 04:48:58 | Date Closed: | 2011-06-07 14:00:58 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Core/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) 9519-frchk.diff ( 1) core.1996.dbg ( 2) core.30156.gdb ( 3) core.9865.gdb ( 4) issue9519.diff | |
Description: | Hello, Sometimes my Asterisk 1.4.2 crashes in unaligned.h:49. The function is put_unaligned_uint32. I attach the gdb result for this core. Any idea? | ||
Comments: |

By: Joshua C. Colp (jcolp) 2007-04-11 09:10:32
If the backtrace is still available please open it and do the following:

    frame 2
    print *f

and add the output as a note here. Thanks!

By: dmb (dmb) 2007-04-11 09:43:45
Hello, the result is:

    (gdb) frame 2
    #2 0x080db398 in ast_rtp_write (rtp=0x8591218, _f=0xb77b9f1c) at rtp.c:2717
    2717 ast_rtp_raw_write(rtp, f, codec);
    (gdb) print *f
    $1 = {frametype = 0, subclass = 0, datalen = 0, samples = 0, mallocd = 0, mallocd_hdr_len = 0, offset = 0, src = 0x0, data = 0x0, delivery = {tv_sec = 0, tv_usec = 0}, frame_list = {next = 0x0}, has_timing_info = 0, ts = 0, len = 0, seqno = 0}

By: dmb (dmb) 2007-04-17 09:34:09
Hello, any idea about this? Thank you

By: dmb (dmb) 2007-05-10 09:46:40
Helloooooo????? Any idea about this :) Thank you

By: Joshua C. Colp (jcolp) 2007-05-14 11:53:21
Please try the attached patch. Thanks!

By: dmb (dmb) 2007-05-28 11:05:28
Hello, with that patch Asterisk crashes with the same error. I attach the gdb trace: core.9865.gdb. Thank you!!!

By: Joshua C. Colp (jcolp) 2007-05-29 10:05:04
I need access to the machine where the core dumps are for this. Can you please email me at jcolp@digium.com so we can arrange something?

By: dmb (dmb) 2007-05-29 11:13:52
Hello, it isn't possible. What do you need? I will give you everything you request. Thank you

By: dmb (dmb) 2007-05-29 11:28:07
Hello, when Asterisk crashes, in rtp.c:

    /* Get a pointer to the header */
    rtpheader = (unsigned char *)(f->data - hdrlen);

here f->data is null and hdrlen = 12 (C in hex). After that subtraction the rtpheader value is 0xfffffff4. That produces the crash in the next function calls. Why is the f->data null value not controlled before the subtraction? Thank you

By: Joshua C. Colp (jcolp) 2007-05-29 11:46:38
Fixed in 1.4 as of revision 66437 and trunk as of revision 66438. I suspect it was never originally checked since nobody ever expected it to happen, I've added a check though now.

By: dmb (dmb) 2007-05-30 06:36:59
Hello, if you attach the diff file for this, I could verify the correction. Thank you for all.

By: Joshua C. Colp (jcolp) 2007-05-30 11:31:22
Patch attached as issue9519.diff, if this does not fix it please reopen. Peace.

By: dmb (dmb) 2007-06-18 02:55:22
Hello, another core is reproduced in the same function with the patch. I attach the gdb file. Thanks

By: Joshua C. Colp (jcolp) 2007-06-18 08:11:20
Would it be possible to upgrade to 1.4.5? Your code is now 3 versions out of date and modified so it is difficult to track things down.

By: Russell Bryant (russell) 2007-06-19 10:00:02
What architecture is this running on?

By: Joshua C. Colp (jcolp) 2007-08-06 12:26:58
It's been a month now without a response. If you can please upgrade and post the architecture this is running on feel free to reopen. |
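The failure described in the 2007-05-29 comment (a header pointer computed as f->data - hdrlen on a frame whose data is NULL) can be guarded as in the following added example, which is not part of the original issue and is not Asterisk's code or the patch from revision 66437. The names `demo_frame`, `demo_rtp_prepend` and `store_be32` are hypothetical, and the meaning of `offset` as headroom in front of `data` is an assumption of the example.

```c
#include <stdint.h>
#include <stdio.h>

#define RTP_HDRLEN 12 /* hdrlen from the thread: fixed RTP header size */

/* Hypothetical stand-in for the frame printed by gdb (not Asterisk's struct). */
struct demo_frame {
    unsigned char *data; /* payload; NULL in the crashing frame */
    int datalen;         /* payload bytes */
    int offset;          /* assumed: writable bytes reserved before data */
};

/* Byte-wise big-endian store: safe at any alignment. */
static void store_be32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24);
    p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);
    p[3] = (unsigned char)v;
}

/* Write the 12-byte header in front of f->data.
 * Returns 0 and sets *hdr, or -1 if the frame cannot carry a header. */
int demo_rtp_prepend(const struct demo_frame *f, uint32_t word0,
                     uint32_t timestamp, uint32_t ssrc, unsigned char **hdr)
{
    if (!f || !f->data || f->datalen <= 0)
        return -1; /* empty frame: NULL - 12 would wrap to 0xfffffff4 */
    if (f->offset < RTP_HDRLEN)
        return -1; /* not enough headroom: header would underrun the buffer */
    *hdr = f->data - RTP_HDRLEN;
    store_be32(*hdr, word0);
    store_be32(*hdr + 4, timestamp);
    store_be32(*hdr + 8, ssrc);
    return 0;
}

int main(void)
{
    struct demo_frame empty = {0}; /* constructed: all-zero frame as in the gdb dump */
    unsigned char buf[RTP_HDRLEN + 4] = {0}, *hdr = NULL;
    struct demo_frame ok = { buf + RTP_HDRLEN, 4, RTP_HDRLEN };

    printf("empty frame: %d\n", demo_rtp_prepend(&empty, 0x80000001u, 160, 0x1234u, &hdr));
    printf("valid frame: %d\n", demo_rtp_prepend(&ok, 0x80000001u, 160, 0x1234u, &hdr));
    return 0;
}
```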