|Summary:||ASTERISK-24616: Crash in res_format_attr_h264 due to invalid string copy|
|Reporter:||Yura Kocyuba (yurakocyuba)||Labels:|
|Date Opened:||2014-12-13 06:45:00.000-0600||Date Closed:||2015-01-31 10:32:30.000-0600|
|Versions:||13.0.1 13.0.2 13.1.0||Frequency of|
|Environment:||Centos 6.6 under openvz.||Attachments:||( 0) backtrace_last.txt|
( 1) backtrace13.txt
( 2) full
|Description:||Asterisk goes down with segfault message|
|Comments:||By: Matt Jordan (mjordan) 2014-12-15 11:30:18.809-0600|
We require a complete debug log to help triage the issue. This document will provide instructions on how to collect debugging logs from an Asterisk machine for the purpose of helping bug marshals troubleshoot an issue: https://wiki.asterisk.org/wiki/display/AST/Collecting+Debug+Information
While the backtrace does show where the crash is occurring, it'd be good to know the SIP message traffic involved with the crash. Please provide a debug log using the instructions previously mentioned with 'sip set debug on' enabled, showing the messages received leading up to the crash. Thanks!
By: Yura Kocyuba (yurakocyuba) 2014-12-15 15:18:13.527-0600
Thank you for advice. I'm going to catch this SIP messages.
By: Yura Kocyuba (yurakocyuba) 2014-12-16 09:22:29.077-0600
I've attached new backtrace file and sip debug log file.
By: Rusty Newton (rnewton) 2015-01-08 08:44:00.288-0600
#0 0x08207db6 in ast_copy_string (dst=0xb6a19138 "", src=0x50 <Address 0x50 out of bounds>, size=16) at /usr/src/asterisk-13.1.0/include/asterisk/strings.h:327
Are you using 13.0.1 or 13.1.0?
Can you verify you are reproducing in the latest 13. If possibly, try the 13 SVN branch and tell us which revision you are using.
[Edit - I see in your log that you are using 13.1.0 as well]
By: Rusty Newton (rnewton) 2015-01-08 08:47:31.542-0600
Your full log attached only included the SIP trace and not all the other log channels. Please follow the instructions again and collect a full log with the SIP trace and all available log channels including 'VERBOSE' and 'DEBUG' turned up to 5 or above. Thanks!
By: Yura Kocyuba (yurakocyuba) 2015-01-12 09:16:30.471-0600
This issue was reproduced on 13.0.1 ,13.02 and 13.1.0 versions of Asterisk. I'll try to reproduce one on the latest revision