[Home]

Summary:ASTERISK-16025: [patch] Long hints make asterisk crash
Reporter:Tim Ringenbach at Asteria Solutions Group (tim_ringenbach)Labels:
Date Opened:2010-04-28 11:17:06Date Closed:2010-08-31 13:27:09
Priority:CriticalRegression?No
Status:Closed/CompleteComponents:Core/General
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:( 0) hints_crash_fix.diff
Description:Someone made a hint too long and asterisk started crashing. I tracked it down to pbx.c using AST_MAX_EXTENSION for the length of all the devices combined, which seems wrong to me. I changed it to use ast_strdupa to avoid the length issue.

****** ADDITIONAL INFORMATION ******

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f04892906e0 (LWP 8791)]
0x00000000004d1f10 in ast_copy_string (dst=0x8094d8 "", src=0x0, size=256) at /usr/src/asterisk-1.4.30-build-ast16974/include/asterisk/strings.h:169
169 AST_INLINE_API(
(gdb) bt
#0  0x00000000004d1f10 in ast_copy_string (dst=0x8094d8 "", src=0x0, size=256) at /usr/src/asterisk-1.4.30-build-ast16974/include/asterisk/strings.h:169
#1  0x000000000045bc69 in getproviderstate (provider=0x7fff8df781f0 "S", address=0x0) at devicestate.c:275
#2  0x000000000045b6ea in ast_device_state (device=0x7fff8df7830e "S") at devicestate.c:174
#3  0x000000000048b6fd in ast_extension_state2 (e=0x8093b0) at pbx.c:1976
#4  0x000000000048be95 in ast_add_hint (e=0x8093b0) at pbx.c:2192
ASTERISK-1  0x0000000000492fc2 in ast_add_extension2 (con=0x803d20, replace=0, extension=0x7fff8df7b540 "7373", priority=-1, label=0x0, callerid=0x0,
   application=0x80934a "Local/124@agent_queue/n&SIP/7373&SIP/7373home&Zap/109&SIP/pskerrett_softphone&SIP/7373dc", data=0x8091d0,
   datad=0x412f80 <free@plt>, registrar=0x7f0484f793b1 "pbx_config") at pbx.c:4902
ASTERISK-2  0x00007f0484f78660 in pbx_load_config (config_file=0x7f0484f793a1 "extensions.conf") at pbx_config.c:2304
ASTERISK-3  0x00007f0484f79226 in pbx_load_module () at pbx_config.c:2461
ASTERISK-4  0x00007f0484f79296 in load_module () at pbx_config.c:2478
ASTERISK-5  0x0000000000477054 in load_resource (resource_name=0x789390 "pbx_config.so", load_pass=LOAD_ALL) at loader.c:803
ASTERISK-6 0x0000000000477970 in load_modules (preload_only=0) at loader.c:1006
ASTERISK-7 0x000000000042f51e in main (argc=2, argv=0x7fff8df7bef8) at asterisk.c:3175
Comments:By: Leif Madsen (lmadsen) 2010-04-30 10:51:06

Thanks for the patch! We'll get a developer to review this as soon as possible.

By: Mark Michelson (mmichelson) 2010-05-17 16:42:55

This seems solid to me. Thanks for the patch! When trying to comprehend why the crash was occurring, this also exposed a logic error in devicestate.c. I will fix these problems in separate commits.

By: Digium Subversion (svnbot) 2010-05-17 16:48:46

Repository: asterisk
Revision: 263637

U   branches/1.4/main/pbx.c

------------------------------------------------------------------------
r263637 | mmichelson | 2010-05-17 16:48:46 -0500 (Mon, 17 May 2010) | 8 lines

Remove arbitrary size limitation for hints.

(closes issue ASTERISK-16025)
Reported by: tim_ringenbach
Patches:
     hints_crash_fix.diff uploaded by tim ringenbach (license 540)


------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=263637

By: Digium Subversion (svnbot) 2010-05-17 16:56:42

Repository: asterisk
Revision: 263638

_U  trunk/

------------------------------------------------------------------------
r263638 | mmichelson | 2010-05-17 16:56:41 -0500 (Mon, 17 May 2010) | 13 lines

Blocked revisions 263637 via svnmerge

........
 r263637 | mmichelson | 2010-05-17 16:48:46 -0500 (Mon, 17 May 2010) | 8 lines
 
 Remove arbitrary size limitation for hints.
 
 (closes issue ASTERISK-16025)
 Reported by: tim_ringenbach
 Patches:
       hints_crash_fix.diff uploaded by tim ringenbach (license 540)
........

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=263638