Summary: ASTERISK-19435: Asterisk segfaults in app_alarmreceiver
Reporter: Deon George (leenooks)
Labels:
Date Opened: 2012-02-27 21:16:54.000-0600
Date Closed: 2012-09-05 11:04:07
Versions:
Frequency of Occurrence:
Environment: Linux Centos 5.7 (updated) (32bit) Asterisk (from asterisk-1.8 repos) (Problem also existed on 1.6.2)
Attachments:
( 0) 0001-Fix-bug-ASTERISK-19435.patch
( 1) asterisk-alarmreceiver.patch
Description: app_alarmreceiver causes an Asterisk segfault when receiving an alarm from an alarm panel.

Core was generated by `/usr/sbin/asterisk -f -U asterisk -G asterisk -vvvg -c'.
Program terminated with signal 11, Segmentation fault.
#0  0x008d9979 in strcasecmp () from /lib/libc.so.6
(gdb) bt
#0  0x008d9979 in strcasecmp () from /lib/libc.so.6
#1  0x080b936c in ast_write ()
#2  0x00d5a64d in send_tone_burst (chan=0x9649cc8, freq=1400, duration=100, tldn=2048) at app_alarmreceiver.c:212
#3  0x00d5b2b5 in receive_ademco_contact_id (chan=0x9649cc8, data=0x81be1de "") at app_alarmreceiver.c:450
#4  alarmreceiver_exec (chan=0x9649cc8, data=0x81be1de "") at app_alarmreceiver.c:615
#5  0x081405db in pbx_exec ()
#6  0x081512ed in pbx_extension_helper ()
#7  0x0815469f in __ast_pbx_run ()
#8  0x08157230 in pbx_thread ()
#9  0x081946ab in dummy_start ()
#10 0x0038d832 in start_thread () from /lib/libpthread.so.0
#11 0x0093a46e in clone () from /lib/libc.so.6

From what I can see, the problem could be that fr->src is used in ast_write() {strcasecmp(fr->src, "ast_prod")}, however fr->src (which is wf->src) is not set in app_alarmreceiver.c.

This seems to have been introduced in changeset 276652.
Comments:
By: Deon George (leenooks) 2012-02-28 00:54:07.023-0600

Fixes segfault in app_alarmreceiver

By: Deon George (leenooks) 2012-02-28 00:55:26.212-0600

I fixed this problem with the attached patch (basically setting wf.src = "" before calling ast_write()).

By: Matt Jordan (mjordan) 2012-03-13 08:52:49.678-0500

Deon: since app_alarmreceiver is an extended support module, patches for it are typically handled by the Asterisk community.  You may want to see if someone with commit access on #asterisk-dev or on the developer mailing list would be willing to take a look at your patch and confirm that it is the correct fix for this problem, and commit it.

By: Kaloyan Kovachev (knk) 2012-03-15 06:20:44.172-0500

I think the correct fix should be to revert 276652 and replace it with:
if (chan->generatordata && fr->src && strcasecmp(fr->src, "ast_prod")) {

It looks strange to skip all frame processing and treat it as ast_prod when fr->src is NULL

By: Pedro Kiefer (pedrokiefer) 2012-07-20 11:40:51.585-0500

I've sent another patch to the mailing list. Using the same structure as app_fax, app_festival and app_mp3.

By: Pedro Kiefer (pedrokiefer) 2012-07-20 12:19:30.383-0500

Set ast_frame.src to __FUNCTION__ as per app_fax, app_festival and app_mp3.
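The three approaches discussed on this ticket (the reporter's wf.src = "", knk's NULL guard in ast_write(), and pedrokiefer's src = __FUNCTION__) differ in an observable way once a generator is active on the channel. The following is an added illustration written for this page; it is not Asterisk code and not any of the attached patches. struct fake_channel, struct fake_frame, the enum names and the simulate() helper are all assumptions that model only the two fields the report mentions (chan->generatordata and fr->src); the real strcasecmp(NULL, "ast_prod") is replaced by a sentinel return so the program reports the defect instead of reproducing the SIGSEGV:

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp() */

/* Hypothetical stand-ins for struct ast_channel and struct ast_frame: only the
 * two fields the report talks about (chan->generatordata and fr->src). */
struct fake_channel {
    void *generatordata;        /* non-NULL while a tone generator is active */
};

struct fake_frame {
    int frametype;
    const char *src;            /* origin tag read by ast_write(); may be unset */
    const short *data;
    int datalen;
};

#define FAKE_FRAME_VOICE 1

/* Outcome of the generator check in ast_write(). */
enum gen_check {
    GEN_CHECK_SEGV  = -1,       /* strcasecmp() was about to dereference NULL */
    GEN_CHECK_PASS  = 0,        /* frame is treated like an "ast_prod" frame */
    GEN_CHECK_BLOCK = 1,        /* frame is not "ast_prod"; generator path wins */
};

/* The check as the backtrace shows it: no NULL guard on fr->src.
 * To keep this program runnable we detect the NULL instead of letting
 * strcasecmp() crash, and report it as GEN_CHECK_SEGV. */
static enum gen_check check_unguarded(const struct fake_channel *chan,
                                      const struct fake_frame *fr)
{
    if (!chan->generatordata)
        return GEN_CHECK_PASS;
    if (!fr->src)
        return GEN_CHECK_SEGV;  /* real code: strcasecmp(NULL, "ast_prod") */
    return strcasecmp(fr->src, "ast_prod") ? GEN_CHECK_BLOCK : GEN_CHECK_PASS;
}

/* knk's proposal: require fr->src before comparing, so a NULL src
 * falls through exactly like an "ast_prod" frame. */
static enum gen_check check_guarded(const struct fake_channel *chan,
                                    const struct fake_frame *fr)
{
    if (chan->generatordata && fr->src && strcasecmp(fr->src, "ast_prod"))
        return GEN_CHECK_BLOCK;
    return GEN_CHECK_PASS;
}

/* Producer side, modelled on send_tone_burst(): a frame built on the stack.
 * src_tag is what the caller stores in wf.src. NULL stands for the unfixed
 * code, where the field is never assigned (we zero the struct so "unset" is
 * deterministically NULL instead of stack garbage; the real code does not
 * even zero it). "" is the reporter's patch; the function name is what
 * __FUNCTION__ expands to under pedrokiefer's patch. */
static void build_tone_frame(struct fake_frame *wf, const short *buf,
                             int datalen, const char *src_tag)
{
    memset(wf, 0, sizeof *wf);
    wf->frametype = FAKE_FRAME_VOICE;
    wf->data = buf;
    wf->datalen = datalen;
    wf->src = src_tag;
}

/* Run one producer/consumer combination with a generator active on the channel. */
static enum gen_check simulate(const char *src_tag, int guarded)
{
    static const short tone[160] = {0};   /* constructed placeholder audio */
    struct fake_channel chan = { .generatordata = (void *)&chan };
    struct fake_frame wf;

    build_tone_frame(&wf, tone, (int)sizeof tone, src_tag);
    return guarded ? check_guarded(&chan, &wf) : check_unguarded(&chan, &wf);
}

int main(void)
{
    printf("src unset,  unguarded check: %d (would SIGSEGV)\n", simulate(NULL, 0));
    printf("src unset,  guarded check  : %d (passes as ast_prod)\n", simulate(NULL, 1));
    printf("src \"\",     unguarded check: %d (blocked)\n", simulate("", 0));
    printf("src = __FUNCTION__         : %d (blocked)\n", simulate("send_tone_burst", 0));
    return 0;
}
```

The point the simulation makes explicit: both caller-side patches stop the crash, but they also make the tone-burst frame compare unequal to "ast_prod", so it takes the "generator active" branch; the ast_write()-side guard instead lets an unset src through on the same path as "ast_prod", which is the semantic difference knk's comment is questioning.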