Summary: | ASTERISK-12301: [patch] Using VoiceMail() with IMAP when cid_num or cid_name is blank always leads to segfault | ||
Reporter: | Andrei Tanas (andrew53) | Labels: | |
Date Opened: | 2008-07-02 20:50:19 | Date Closed: | 2008-07-03 15:04:30 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Applications/app_voicemail |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) voicemail_imap_nullpointer.patch | |
Description: | If VoiceMail() is called for a caller with blank callerid number or name and IMAP is used for storage, using S_OR macro in make_email_file() call will lead to null pointer dereference and segfault in strip_control(). ****** ADDITIONAL INFORMATION ****** Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x404dd950 (LWP 21518)] 0x00007fbafa321526 in strip_control (input=0x0, buf=0x404cd6d0 "", buflen=256) at app_voicemail.c:709 709 for (; *input; input++) { (gdb) bt #0 0x00007fbafa321526 in strip_control (input=0x0, buf=0x404cd6d0 "", buflen=256) at app_voicemail.c:709 #1 0x00007fbafa324fda in make_email_file (p=0x945b60, srcemail=0x7fbafa559520 "asterisk", vmu=0x404d7840, msgnum=0, context=0x404d7840 "default", mailbox=0x404d7890 "3000", cidnum=0x7fbb08048040 "andrei", cidname=0x0, attach=0x404cef20 "/var/spool/asterisk/voicemail/default/3000/INBOX/msg0000", attach2=0x404cdf20 "", format=0x7fbafa34bd52 "WAV", duration=1, attach_user_voicemail=1, chan=0x7fbb08048a50, category=0x0, imap=1, flag=0x404d8490 "") at app_voicemail.c:2437 #2 0x00007fbafa3284a4 in imap_store_file (dir=0x404d42f0 "/var/spool/asterisk/voicemail/default/3000/INBOX", mailboxuser=0x404d7890 "3000", mailboxcontext=0x404d7840 "default", msgnum=0, chan=0x7fbb08048a50, vmu=0x404d7840, fmt=0x7fbafa34bd52 "WAV", duration=1, vms=0x936b50, introfile=0x0, flag=0x404d8490 "") at app_voicemail.c:3154 #3 0x00007fbafa32c4f5 in leave_voicemail (chan=0x7fbb08048a50, ext=0x404d7d90 "3000", options=0x404d8660) at app_voicemail.c:4140 #4 0x00007fbafa33db99 in vm_exec (chan=0x7fbb08048a50, data=0x404dad60) at app_voicemail.c:8735 ASTERISK-1 0x00000000004d3f27 in pbx_exec (c=0x7fbb08048a50, app=0x932b40, data=0x404dad60) at pbx.c:747 ASTERISK-2 0x00000000004dcc03 in pbx_extension_helper (c=0x7fbb08048a50, con=0x0, context=0x7fbb0804999a "local_phone", exten=0x7fbb080499ea "*981", priority=3, label=0x0, callerid=0x7fbb08048040 "andrei", action=E_SPAWN, found=0x404dcf1c, combined_find_spawn=1) at pbx.c:2986 ASTERISK-3 0x00000000004de28c in ast_spawn_extension (c=0x7fbb08048a50, context=0x7fbb0804999a "local_phone", exten=0x7fbb080499ea "*981", priority=3, callerid=0x7fbb08048040 "andrei", found=0x404dcf1c, combined_find_spawn=1) at pbx.c:3420 ASTERISK-4 0x00000000004deb53 in __ast_pbx_run (c=0x7fbb08048a50) at pbx.c:3521 ASTERISK-5 0x00000000004e02d3 in pbx_thread (data=0x7fbb08048a50) at pbx.c:3801 ASTERISK-6 0x000000000053f303 in dummy_start (data=0x7fbb0804c010) at utils.c:1024 ASTERISK-7 0x00007fbb0f2ab3f7 in start_thread () from /lib/libpthread.so.0 ASTERISK-8 0x00007fbb0f79cb2d in clone () from /lib/libc.so.6 ASTERISK-9 0x0000000000000000 in ?? () | ||
Comments: | By: Andrei Tanas (andrew53) 2008-07-02 20:53:59 The attached patch fixes the issue |