Summary: | ASTERISK-13824: segfault following httpd_helper_thread -> generic_http_callback -> ast_str_append | ||
Reporter: | Stuart Henderson (stuarth) | Labels: | |
Date Opened: | 2009-03-25 07:05:29 | Date Closed: | 2009-09-24 09:32:19 |
Priority: | Minor | Regression? | No |
Status: | Closed/Complete | Components: | Core/ManagerInterface |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | A segfault was seen with this backtrace:

#0 0x0041db93 in strlen () from /lib/tls/libc.so.6
#1 0x003f1741 in vfprintf () from /lib/tls/libc.so.6
#2 0x0040ef96 in vsnprintf () from /lib/tls/libc.so.6
#3 0x0813d1e2 in __ast_str_helper (buf=0xb6d55ba4, max_len=0, append=1, fmt=0x817d4eb "%s", ap=0xb6d55b1c "") at utils.c:1746
#4 0x0813d3df in ast_str_append (buf=0xb7d80000, max_len=3084386304, fmt=0xb7d80000 <Address 0xb7d80000 out of bounds>) at /usr/src/asterisk-1.6.1-svn/asterisk-1.6.1/include/asterisk/strings.h:642
#5 0x080e37ac in generic_http_callback (format=FORMAT_RAW, remote_address=0xb6cb46f0, uri=0xb6d57214 "", method=AST_HTTP_GET, params=0x86e70a0, status=0xb6d55eb8, title=0xb6d55eb4, contentlength=0xb6d55eb0) at manager.c:3883
#6 0x080cdc00 in httpd_helper_thread (data=0xb6cb46e0) at http.c:559
#7 0x0813054e in handle_tls_connection (data=0xb6cb46e0) at tcptls.c:219
#8 0x0813b8b5 in dummy_start (data=0x0) at utils.c:968
#9 0x005273cc in start_thread () from /lib/tls/libpthread.so.0
#10 0x0047f96e in clone () from /lib/tls/libc.so.6
(gdb) frame 5
#5 0x080e37ac in generic_http_callback (format=FORMAT_RAW, remote_address=0xb6cb46f0, uri=0xb6d57214 "", method=AST_HTTP_GET, params=0x86e70a0, status=0xb6d55eb8, title=0xb6d55eb4, contentlength=0xb6d55eb0) at manager.c:3883
3883 ast_str_append(&out, 0, "%s", buf);
(gdb) print *params
$1 = {name = 0x86e70c8 "action", value = 0x86e70cf "status", next = 0x1da95818, file = 0x86e70d6 "", lineno = 0, object = 0, blanklines = 0, precomments = 0x0, sameline = 0x0, trailing = 0x0, stuff = 0x86e70c8 "action"}
(gdb) print *status
$2 = 200
(gdb) print *title
$3 = 0x0
(gdb) print *contentlength
$4 = 0
(gdb) print buf
$5 = 0xb7d7e000 "Response: Success\r\nMessage: Channel status will follow\r\n\r\nEvent: Status\r\nPrivilege: Call\r\nChannel: SIP/164-18997d38\r\nCallerIDNum: 1237981299.50891\r\nCallerIDName: anonymous\r\nAccount: \r\nState: Ringing\r\n"...

Is there anything else that might be relevant to tracking this down? | ||
Comments: |
By: David Vossel (dvossel) 2009-07-20 10:48:48
What OS are you using?

By: Stuart Henderson (stuarth) 2009-07-20 12:16:27
That machine is running on CentOS 4.

By: David Vossel (dvossel) 2009-08-20 14:23:48
This was resolved in r189422 of 1.6.1. |