| Summary: | ASTERISK-11136: [patch] prevent a segfault | ||
| Reporter: | Clod Patry (junky) | Labels: | |
| Date Opened: | 2008-01-01 17:44:12.000-0600 | Date Closed: | 2008-04-09 15:18:58 |
| Priority: | Critical | Regression? | No |
| Status: | Closed/Complete | Components: | Resources/res_musiconhold |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) moh_crash.diff | |
| Description: | I just got my box crashing: (gdb) bt #0 0xb7c6cc53 in strlen () from /lib/tls/i686/cmov/libc.so.6 #1 0x080abade in ast_openstream_full (chan=0xb6c0f850, filename=0x0, preflang=0xb6c4ea08 "fr", asis=1) at file.c:541 #2 0xb78e6779 in moh_files_generator (chan=0xb6c0f850, data=0x82baa30, len=320, samples=160) at res_musiconhold.c:255 #3 0x0808ada1 in ast_read_generator_actions (chan=0xb6c0f850, f=0x8299734) at channel.c:2102 #4 0x0808b477 in __ast_read (chan=0xb6c0f850, dropaudio=0) at channel.c:2481 ASTERISK-1 0xb71d0078 in conf_run (chan=0xb6c0f850, conf=0x81f9080, confflags=37196, optargs=0xb661d588) at app_meetme.c:2257 ASTERISK-2 0xb71d73f8 in conf_exec (chan=0xb6c0f850, data=0xb661de24) at app_meetme.c:3176 ASTERISK-3 0x080d57f5 in pbx_exec (c=0xb6c0f850, app=0x81f03e0, data=0xb661de24) at pbx.c:719 ASTERISK-4 0xb7a54af0 in handle_exec (chan=0xb6c0f850, agi=0xb661ddcc, argc=3, argv=0xb661d7c8) at res_agi.c:1101 ASTERISK-5 0xb7a59022 in agi_handle_command (chan=0xb6c0f850, agi=0xb661ddcc, buf=<value optimized out>, dead=0) at res_agi.c:2169 ASTERISK-6 0xb7a5a520 in agi_exec_full (chan=0xb6c0f850, data=<value optimized out>, enhanced=0, dead=0) at res_agi.c:2309 ASTERISK-7 0x080d57f5 in pbx_exec (c=0xb6c0f850, app=0x81ae730, data=0xb66211d8) at pbx.c:719 ASTERISK-8 0x080df6f5 in pbx_extension_helper (c=0xb6c0f850, con=0x0, context=0xb6c0f9d4 "unlimitel-inbound", exten=0xb6c0fa24 "349", priority=1, label=0x0, callerid=0xb6c05610 "10", action=E_SPAWN, found=0xb66232f4, combined_find_spawn=1) at pbx.c:2661 ASTERISK-9 0x080e2d2b in __ast_pbx_run (c=0xb6c0f850) at pbx.c:3161 ASTERISK-10 0x080e435e in ast_pbx_run (c=0xb6623440) at /usr/src/asterisk/include/asterisk/lock.h:697 ASTERISK-11 0x0811cceb in dummy_start (data=0xb6c3dbe0) at utils.c:838 ASTERISK-12 0xb7db2504 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 ASTERISK-13 0xb7ccd51e in clone () from /lib/tls/i686/cmov/libc.so.6 (gdb) ****** ADDITIONAL INFORMATION ****** This should fix that segfault. | ||
| Comments: | By: Joshua C. Colp (jcolp) 2008-01-02 08:54:40.000-0600 The correct fix would be to find out why it is being called with no filename. Did you do a reload and cause one of the files to go away? By: Clod Patry (junky) 2008-01-02 09:42:39.000-0600 yes. maybe you prefer the check in moh_files_generator() to avoid all these check in ast_openstream_full() ? Also, I think using the moh_diff() in res_musiconhold.c isnt not a perfect solution, since, if you add a file in ur moh dir and you do a moh reload, that new file won't be added (in moh show files), since the directory didnt changed. My feel is if we add/remove a file which is used by a moh directory, that change should be reflected on a moh reload. comments? By: Tilghman Lesher (tilghman) 2008-02-04 13:42:25.000-0600 Yes, I think we'd prefer the check be done in the generator. By: jmls (jmls) 2008-02-17 12:58:13.000-0600 junky .. any futher news ? By: Digium Subversion (svnbot) 2008-03-19 14:07:20 Repository: asterisk Revision: 110035 U branches/1.4/res/res_musiconhold.c ------------------------------------------------------------------------ r110035 | file | 2008-03-19 14:07:20 -0500 (Wed, 19 Mar 2008) | 4 lines Add sanity checking for position resuming. We *have* to make sure that the position does not exceed the total number of files present, and we have to make sure that the position's filename is the same as previous. These values can change if a music class is reloaded and give unpredictable behavior. (closes issue ASTERISK-11136) Reported by: junky ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=110035 By: Digium Subversion (svnbot) 2008-03-19 14:09:19 Repository: asterisk Revision: 110036 _U trunk/ U trunk/res/res_musiconhold.c ------------------------------------------------------------------------ r110036 | file | 2008-03-19 14:09:19 -0500 (Wed, 19 Mar 2008) | 12 lines Merged revisions 110035 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r110035 | file | 2008-03-19 16:11:33 -0300 (Wed, 19 Mar 2008) | 4 lines Add sanity checking for position resuming. We *have* to make sure that the position does not exceed the total number of files present, and we have to make sure that the position's filename is the same as previous. These values can change if a music class is reloaded and give unpredictable behavior. (closes issue ASTERISK-11136) Reported by: junky ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=110036 By: Digium Subversion (svnbot) 2008-03-19 14:10:44 Repository: asterisk Revision: 110037 _U branches/1.6.0/ U branches/1.6.0/res/res_musiconhold.c ------------------------------------------------------------------------ r110037 | file | 2008-03-19 14:10:43 -0500 (Wed, 19 Mar 2008) | 20 lines Merged revisions 110036 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r110036 | file | 2008-03-19 16:13:39 -0300 (Wed, 19 Mar 2008) | 12 lines Merged revisions 110035 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r110035 | file | 2008-03-19 16:11:33 -0300 (Wed, 19 Mar 2008) | 4 lines Add sanity checking for position resuming. We *have* to make sure that the position does not exceed the total number of files present, and we have to make sure that the position's filename is the same as previous. These values can change if a music class is reloaded and give unpredictable behavior. (closes issue ASTERISK-11136) Reported by: junky ........ ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=110037 By: Digium Subversion (svnbot) 2008-04-09 15:15:44 Repository: asterisk Revision: 113924 U team/group/NoLossCDR-Redux2/build_tools/cflags.xml U team/group/NoLossCDR-Redux2/pbx/pbx_ael.c U team/group/NoLossCDR-Redux2/phoneprov/000000000000-directory.xml U team/group/NoLossCDR-Redux2/phoneprov/polycom.xml A team/group/NoLossCDR-Redux2/phoneprov/polycom_line.xml ------------------------------------------------------------------------ r113924 | juggie | 2008-04-09 15:15:41 -0500 (Wed, 09 Apr 2008) | 211 lines Merged revisions 110020,110023,110036,110084,110087,110132,110161,110164,110211,110237,110268,110270,110272,110303,110337,110339,110396,110444 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r110020 | file | 2008-03-19 14:25:33 -0400 (Wed, 19 Mar 2008) | 14 lines Merged revisions 110019 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r110019 | file | 2008-03-19 15:20:28 -0300 (Wed, 19 Mar 2008) | 6 lines Make sure that the mark bit does not incorrectly cause video frame timestamps to be calculated as if they are audio frames. (closes issue ASTERISK-10940) Reported by: sperreault Patches: 11429-frametype.diff uploaded by qwell (license 4) ........ ................ r110023 | russell | 2008-03-19 14:57:16 -0400 (Wed, 19 Mar 2008) | 2 lines remove svnmerge-blocked property that is not supposed to be here ................ r110036 | file | 2008-03-19 15:13:39 -0400 (Wed, 19 Mar 2008) | 12 lines Merged revisions 110035 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r110035 | file | 2008-03-19 16:11:33 -0300 (Wed, 19 Mar 2008) | 4 lines Add sanity checking for position resuming. We *have* to make sure that the position does not exceed the total number of files present, and we have to make sure that the position's filename is the same as previous. These values can change if a music class is reloaded and give unpredictable behavior. (closes issue ASTERISK-11136) Reported by: junky ........ ................ r110084 | mmichelson | 2008-03-19 16:34:13 -0400 (Wed, 19 Mar 2008) | 12 lines Merged revisions 110083 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r110083 | mmichelson | 2008-03-19 15:33:03 -0500 (Wed, 19 Mar 2008) | 4 lines Add a missing unlock in the case that memory allocation fails in app_chanspy. Thanks to Russell for confirming that this was an issue. ........ ................ r110087 | jpeeler | 2008-03-19 17:05:24 -0400 (Wed, 19 Mar 2008) | 2 lines This change adds DNS manager support for registrations not referencing a peer entry. It looks like there is support for DNS manager for realtime peers as well, however it is not implemented correctly. The improper usage occurs when ast_dnsmgr_lookup is called with one of the arguments being an address from the stack to be continually updated. The variable from the stack will go out of scope and dnsmgr will continue to try and update the memory there, causing possible stack corruption. This problem will be worked on next as well as adding DNS manager support for peer entries. ................ r110132 | qwell | 2008-03-19 17:56:15 -0400 (Wed, 19 Mar 2008) | 1 line Rename very poorly named function to reflect what it actually does. This was causing quite a bit of confusion for me... ................ r110161 | qwell | 2008-03-19 18:25:34 -0400 (Wed, 19 Mar 2008) | 5 lines Rename DSP_FEATURE_DTMF_DETECT, because we are *NOT* only detecting DTMF digits. This was very misleading. Early cleanup for issue ASTERISK-11413 ................ r110164 | russell | 2008-03-19 18:58:33 -0400 (Wed, 19 Mar 2008) | 13 lines Merged revisions 110163 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r110163 | russell | 2008-03-19 17:57:59 -0500 (Wed, 19 Mar 2008) | 5 lines Fix a bug where when calls on the trunk side hang up while on hold, the state is not properly reflected. (closes issue ASTERISK-11434, reported by anakaoka, patched by me) ........ ................ r110211 | tilghman | 2008-03-19 23:14:59 -0400 (Wed, 19 Mar 2008) | 2 lines Fix recent trunk breakage ................ r110237 | tilghman | 2008-03-20 01:06:12 -0400 (Thu, 20 Mar 2008) | 5 lines Upgrade the sounds version; add several directory enhancements: 1) Number of digits to enter can now be configured 2) The digits can now match on both first AND last name, instead of only one or the other (Closes issue ASTERISK-6965) ................ r110268 | russell | 2008-03-20 13:41:22 -0400 (Thu, 20 Mar 2008) | 27 lines Add some fixes that I made in regards to wideband codec handling to get G.722 music on hold working for me. (issue ASTERISK-11594, reported by milazzo and jsmith, patches by me) res/res_musiconhold.c: - I moved a single line so that the sample queue update happened before ast_write(). The reason that this was a bug is that the G.722 frame originally says it has 320 samples in it (which is correct). However, when the frame is written to a channel that uses RTP, main/rtp.c modifies the frame to cut the number of samples in half before it sends it on the wire. This is to account for the stupid incorrect G.722 spec that makes it so we have to lie about the number of samples with RTP. I should probably go and re-work the RTP code so it doesn't modify the frame so that a bug like this won't happen in the future. However, this change to MOH is harmless. main/channel.c: - I made two fixes in regards to generator timing. Generators use samples for timing. However, this code assumed 8 kHz samples. In one case, it was a hard coded 160 samples, that is now written as the sample rate / 50. The other place was dealing with timing a generator based on frames coming from the other direction. However, that would have only worked if the sample rates for the formats in both directions were the same. The code now takes into account that the sample rates may differ, and scales the generator samples accordingly. ................ r110270 | russell | 2008-03-20 13:45:29 -0400 (Thu, 20 Mar 2008) | 2 lines Remove astobj.h from some places where it wasn't needed ................ r110272 | mmichelson | 2008-03-20 14:01:36 -0400 (Thu, 20 Mar 2008) | 3 lines Add missing unlock ................ r110303 | russell | 2008-03-20 16:08:26 -0400 (Thu, 20 Mar 2008) | 8 lines Fix a bug when using zaptel timing for playing back files that have a sample rate other than 8 kHz. The issue here is that format modules give a "whennext" sample value, which is used to calculate when to set a timer for to retrieve the next frame. However, the zaptel timer operates on 8 kHz samples, so this must be taken into account. (another part of issue ASTERISK-11594, reported by milazzo and jsmith, patch by me) ................ r110337 | russell | 2008-03-20 17:55:50 -0400 (Thu, 20 Mar 2008) | 22 lines Merged revisions 110336 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ................ r110336 | russell | 2008-03-20 16:54:58 -0500 (Thu, 20 Mar 2008) | 14 lines Merged revisions 110335 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.2 ........ r110335 | russell | 2008-03-20 16:53:27 -0500 (Thu, 20 Mar 2008) | 6 lines Fix some very broken code that was introduced in 1.2.26 as a part of the security fix. The dnsmgr is not appropriate here. The dnsmgr takes a pointer to an address structure that a background thread continuously updates. However, in these cases, a stack variable was passed. That means that the dnsmgr thread would be continuously writing to bogus memory. ........ ................ ................ r110339 | russell | 2008-03-20 18:02:20 -0400 (Thu, 20 Mar 2008) | 3 lines Use the correct buffer for g722tolin16_sample. This shouldn't have caused any problems, but Qwell noticed the typo here. ................ r110396 | russell | 2008-03-20 19:14:13 -0400 (Thu, 20 Mar 2008) | 17 lines Merged revisions 110395 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r110395 | russell | 2008-03-20 18:13:56 -0500 (Thu, 20 Mar 2008) | 9 lines Shorten the ast_waitfor() timeout from 500 ms to 50 ms in the autoservice thread. This really should not make a difference except in very rare cases. That case would be that all of the channels in autoservice are not generating any frames. In that case, this change reduces the potential amount of time that a thread waits in ast_autoservice_stop() for the autoservice thread to wrap back around to the beginning of its loop. (closes issue ASTERISK-11689, reported by dimas) ........ ................ r110444 | tilghman | 2008-03-20 21:44:38 -0400 (Thu, 20 Mar 2008) | 2 lines Add note of the added Directory options, from commit 110237 (closes issue ASTERISK-6965) ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=113924 By: Digium Subversion (svnbot) 2008-04-09 15:18:58 Repository: asterisk Revision: 113925 U team/group/NoLossCDR-Redux2/channels/chan_h323.c U team/group/NoLossCDR-Redux2/channels/chan_usbradio.c U team/group/NoLossCDR-Redux2/channels/misdn_config.c ------------------------------------------------------------------------ r113925 | juggie | 2008-04-09 15:18:55 -0500 (Wed, 09 Apr 2008) | 211 lines Merged revisions 110020,110023,110036,110084,110087,110132,110161,110164,110211,110237,110268,110270,110272,110303,110337,110339,110396,110444 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r110020 | file | 2008-03-19 14:25:33 -0400 (Wed, 19 Mar 2008) | 14 lines Merged revisions 110019 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r110019 | file | 2008-03-19 15:20:28 -0300 (Wed, 19 Mar 2008) | 6 lines Make sure that the mark bit does not incorrectly cause video frame timestamps to be calculated as if they are audio frames. (closes issue ASTERISK-10940) Reported by: sperreault Patches: 11429-frametype.diff uploaded by qwell (license 4) ........ ................ r110023 | russell | 2008-03-19 14:57:16 -0400 (Wed, 19 Mar 2008) | 2 lines remove svnmerge-blocked property that is not supposed to be here ................ r110036 | file | 2008-03-19 15:13:39 -0400 (Wed, 19 Mar 2008) | 12 lines Merged revisions 110035 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r110035 | file | 2008-03-19 16:11:33 -0300 (Wed, 19 Mar 2008) | 4 lines Add sanity checking for position resuming. We *have* to make sure that the position does not exceed the total number of files present, and we have to make sure that the position's filename is the same as previous. These values can change if a music class is reloaded and give unpredictable behavior. (closes issue ASTERISK-11136) Reported by: junky ........ ................ r110084 | mmichelson | 2008-03-19 16:34:13 -0400 (Wed, 19 Mar 2008) | 12 lines Merged revisions 110083 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r110083 | mmichelson | 2008-03-19 15:33:03 -0500 (Wed, 19 Mar 2008) | 4 lines Add a missing unlock in the case that memory allocation fails in app_chanspy. Thanks to Russell for confirming that this was an issue. ........ ................ r110087 | jpeeler | 2008-03-19 17:05:24 -0400 (Wed, 19 Mar 2008) | 2 lines This change adds DNS manager support for registrations not referencing a peer entry. It looks like there is support for DNS manager for realtime peers as well, however it is not implemented correctly. The improper usage occurs when ast_dnsmgr_lookup is called with one of the arguments being an address from the stack to be continually updated. The variable from the stack will go out of scope and dnsmgr will continue to try and update the memory there, causing possible stack corruption. This problem will be worked on next as well as adding DNS manager support for peer entries. ................ r110132 | qwell | 2008-03-19 17:56:15 -0400 (Wed, 19 Mar 2008) | 1 line Rename very poorly named function to reflect what it actually does. This was causing quite a bit of confusion for me... ................ r110161 | qwell | 2008-03-19 18:25:34 -0400 (Wed, 19 Mar 2008) | 5 lines Rename DSP_FEATURE_DTMF_DETECT, because we are *NOT* only detecting DTMF digits. This was very misleading. Early cleanup for issue ASTERISK-11413 ................ r110164 | russell | 2008-03-19 18:58:33 -0400 (Wed, 19 Mar 2008) | 13 lines Merged revisions 110163 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r110163 | russell | 2008-03-19 17:57:59 -0500 (Wed, 19 Mar 2008) | 5 lines Fix a bug where when calls on the trunk side hang up while on hold, the state is not properly reflected. (closes issue ASTERISK-11434, reported by anakaoka, patched by me) ........ ................ r110211 | tilghman | 2008-03-19 23:14:59 -0400 (Wed, 19 Mar 2008) | 2 lines Fix recent trunk breakage ................ r110237 | tilghman | 2008-03-20 01:06:12 -0400 (Thu, 20 Mar 2008) | 5 lines Upgrade the sounds version; add several directory enhancements: 1) Number of digits to enter can now be configured 2) The digits can now match on both first AND last name, instead of only one or the other (Closes issue ASTERISK-6965) ................ r110268 | russell | 2008-03-20 13:41:22 -0400 (Thu, 20 Mar 2008) | 27 lines Add some fixes that I made in regards to wideband codec handling to get G.722 music on hold working for me. (issue ASTERISK-11594, reported by milazzo and jsmith, patches by me) res/res_musiconhold.c: - I moved a single line so that the sample queue update happened before ast_write(). The reason that this was a bug is that the G.722 frame originally says it has 320 samples in it (which is correct). However, when the frame is written to a channel that uses RTP, main/rtp.c modifies the frame to cut the number of samples in half before it sends it on the wire. This is to account for the stupid incorrect G.722 spec that makes it so we have to lie about the number of samples with RTP. I should probably go and re-work the RTP code so it doesn't modify the frame so that a bug like this won't happen in the future. However, this change to MOH is harmless. main/channel.c: - I made two fixes in regards to generator timing. Generators use samples for timing. However, this code assumed 8 kHz samples. In one case, it was a hard coded 160 samples, that is now written as the sample rate / 50. The other place was dealing with timing a generator based on frames coming from the other direction. However, that would have only worked if the sample rates for the formats in both directions were the same. The code now takes into account that the sample rates may differ, and scales the generator samples accordingly. ................ r110270 | russell | 2008-03-20 13:45:29 -0400 (Thu, 20 Mar 2008) | 2 lines Remove astobj.h from some places where it wasn't needed ................ r110272 | mmichelson | 2008-03-20 14:01:36 -0400 (Thu, 20 Mar 2008) | 3 lines Add missing unlock ................ r110303 | russell | 2008-03-20 16:08:26 -0400 (Thu, 20 Mar 2008) | 8 lines Fix a bug when using zaptel timing for playing back files that have a sample rate other than 8 kHz. The issue here is that format modules give a "whennext" sample value, which is used to calculate when to set a timer for to retrieve the next frame. However, the zaptel timer operates on 8 kHz samples, so this must be taken into account. (another part of issue ASTERISK-11594, reported by milazzo and jsmith, patch by me) ................ r110337 | russell | 2008-03-20 17:55:50 -0400 (Thu, 20 Mar 2008) | 22 lines Merged revisions 110336 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ................ r110336 | russell | 2008-03-20 16:54:58 -0500 (Thu, 20 Mar 2008) | 14 lines Merged revisions 110335 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.2 ........ r110335 | russell | 2008-03-20 16:53:27 -0500 (Thu, 20 Mar 2008) | 6 lines Fix some very broken code that was introduced in 1.2.26 as a part of the security fix. The dnsmgr is not appropriate here. The dnsmgr takes a pointer to an address structure that a background thread continuously updates. However, in these cases, a stack variable was passed. That means that the dnsmgr thread would be continuously writing to bogus memory. ........ ................ ................ r110339 | russell | 2008-03-20 18:02:20 -0400 (Thu, 20 Mar 2008) | 3 lines Use the correct buffer for g722tolin16_sample. This shouldn't have caused any problems, but Qwell noticed the typo here. ................ r110396 | russell | 2008-03-20 19:14:13 -0400 (Thu, 20 Mar 2008) | 17 lines Merged revisions 110395 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r110395 | russell | 2008-03-20 18:13:56 -0500 (Thu, 20 Mar 2008) | 9 lines Shorten the ast_waitfor() timeout from 500 ms to 50 ms in the autoservice thread. This really should not make a difference except in very rare cases. That case would be that all of the channels in autoservice are not generating any frames. In that case, this change reduces the potential amount of time that a thread waits in ast_autoservice_stop() for the autoservice thread to wrap back around to the beginning of its loop. (closes issue ASTERISK-11689, reported by dimas) ........ ................ r110444 | tilghman | 2008-03-20 21:44:38 -0400 (Thu, 20 Mar 2008) | 2 lines Add note of the added Directory options, from commit 110237 (closes issue ASTERISK-6965) ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=113925 | ||