Summary: | ASTERISK-16025: [patch] Long hints make asterisk crash | ||
Reporter: | Tim Ringenbach at Asteria Solutions Group (tim_ringenbach) | Labels: | |
Date Opened: | 2010-04-28 11:17:06 | Date Closed: | 2010-08-31 13:27:09 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Core/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) hints_crash_fix.diff | |
Description: | Someone made a hint too long and asterisk started crashing. I tracked it down to pbx.c using AST_MAX_EXTENSION for the length of all the devices combined, which seems wrong to me. I changed it to use ast_strdupa to avoid the length issue. ****** ADDITIONAL INFORMATION ****** Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f04892906e0 (LWP 8791)] 0x00000000004d1f10 in ast_copy_string (dst=0x8094d8 "", src=0x0, size=256) at /usr/src/asterisk-1.4.30-build-ast16974/include/asterisk/strings.h:169 169 AST_INLINE_API( (gdb) bt #0 0x00000000004d1f10 in ast_copy_string (dst=0x8094d8 "", src=0x0, size=256) at /usr/src/asterisk-1.4.30-build-ast16974/include/asterisk/strings.h:169 #1 0x000000000045bc69 in getproviderstate (provider=0x7fff8df781f0 "S", address=0x0) at devicestate.c:275 #2 0x000000000045b6ea in ast_device_state (device=0x7fff8df7830e "S") at devicestate.c:174 #3 0x000000000048b6fd in ast_extension_state2 (e=0x8093b0) at pbx.c:1976 #4 0x000000000048be95 in ast_add_hint (e=0x8093b0) at pbx.c:2192 ASTERISK-1 0x0000000000492fc2 in ast_add_extension2 (con=0x803d20, replace=0, extension=0x7fff8df7b540 "7373", priority=-1, label=0x0, callerid=0x0, application=0x80934a "Local/124@agent_queue/n&SIP/7373&SIP/7373home&Zap/109&SIP/pskerrett_softphone&SIP/7373dc", data=0x8091d0, datad=0x412f80 <free@plt>, registrar=0x7f0484f793b1 "pbx_config") at pbx.c:4902 ASTERISK-2 0x00007f0484f78660 in pbx_load_config (config_file=0x7f0484f793a1 "extensions.conf") at pbx_config.c:2304 ASTERISK-3 0x00007f0484f79226 in pbx_load_module () at pbx_config.c:2461 ASTERISK-4 0x00007f0484f79296 in load_module () at pbx_config.c:2478 ASTERISK-5 0x0000000000477054 in load_resource (resource_name=0x789390 "pbx_config.so", load_pass=LOAD_ALL) at loader.c:803 ASTERISK-6 0x0000000000477970 in load_modules (preload_only=0) at loader.c:1006 ASTERISK-7 0x000000000042f51e in main (argc=2, argv=0x7fff8df7bef8) at asterisk.c:3175 | ||
Comments: | By: Leif Madsen (lmadsen) 2010-04-30 10:51:06 Thanks for the patch! We'll get a developer to review this as soon as possible. By: Mark Michelson (mmichelson) 2010-05-17 16:42:55 This seems solid to me. Thanks for the patch! When trying to comprehend why the crash was occurring, this also exposed a logic error in devicestate.c. I will fix these problems in separate commits. By: Digium Subversion (svnbot) 2010-05-17 16:48:46 Repository: asterisk Revision: 263637 U branches/1.4/main/pbx.c ------------------------------------------------------------------------ r263637 | mmichelson | 2010-05-17 16:48:46 -0500 (Mon, 17 May 2010) | 8 lines Remove arbitrary size limitation for hints. (closes issue ASTERISK-16025) Reported by: tim_ringenbach Patches: hints_crash_fix.diff uploaded by tim ringenbach (license 540) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=263637 By: Digium Subversion (svnbot) 2010-05-17 16:56:42 Repository: asterisk Revision: 263638 _U trunk/ ------------------------------------------------------------------------ r263638 | mmichelson | 2010-05-17 16:56:41 -0500 (Mon, 17 May 2010) | 13 lines Blocked revisions 263637 via svnmerge ........ r263637 | mmichelson | 2010-05-17 16:48:46 -0500 (Mon, 17 May 2010) | 8 lines Remove arbitrary size limitation for hints. (closes issue ASTERISK-16025) Reported by: tim_ringenbach Patches: hints_crash_fix.diff uploaded by tim ringenbach (license 540) ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=263638 |