| Summary: | ASTERISK-25170: Segfault in call to vsnprintf from astman_append | ||
| Reporter: | xavier Collet (xcbAvencall) | Labels: | |
| Date Opened: | 2015-06-18 10:00:27 | Date Closed: | 2015-06-18 14:47:34 |
| Priority: | Major | Regression? | |
| Status: | Closed/Complete | Components: | Applications/app_queue Core/ManagerInterface |
| Versions: | 11.17.0 | Frequency of Occurrence | One Time |
| Related Issues: | |||
| Environment: | VM debian call-center | Attachments: | |
| Description: | We had a segfault on an asterisk 11.17.0. Here's the backtrace of the thread which caused the segfault:
{code} #0 0xb76b6da6 in _IO_default_xsputn () from /lib/i386-linux-gnu/libc.so.6 #1 0xb7689b63 in vfprintf () from /lib/i386-linux-gnu/libc.so.6 #2 0xb7731fc4 in __vsnprintf_chk () from /lib/i386-linux-gnu/libc.so.6 #3 0x081f1b26 in vsnprintf (__ap=0xb1832618 "rݖ\264$\016k\262\344\fk\262\324\rk\262\067y\341\265\001", __fmt=0xb5e18e50 "Event: QueueMember\r\nQueue: %s\r\nName: %s\r\nLocation: %s\r\nStateInterface: %s\r\nMembership: %s\r\nPenalty: %d\r\nCallsTaken: %d\r\nLastCall: %d\r\nStatus: %d\r\nPaused: %d\r\nSkills: %s\r\n%s\r\n", __n=<optimized out>, __s=<optimized out>) at /usr/include/i386-linux-gnu/bits/stdio2.h:78 #4 __ast_str_helper (buf=buf@entry=0xb18325ec, max_len=max_len@entry=0, append=append@entry=0, fmt=fmt@entry=0xb5e18e50 "Event: QueueMember\r\nQueue: %s\r\nName: %s\r\nLocation: %s\r\nStateInterface: %s\r\nMembership: %s\r\nPenalty: %d\r\nCallsTaken: %d\r\nLastCall: %d\r\nStatus: %d\r\nPaused: %d\r\nSkills: %s\r\n%s\r\n", ap=ap@entry=0xb1832618 "rݖ\264$\016k\262\344\fk\262\324\rk\262\067y\341\265\001") at strings.c:76 #5 0x08172729 in ast_str_set_va (ap=0xb1832618 "rݖ\264$\016k\262\344\fk\262\324\rk\262\067y\341\265\001", fmt=0xb5e18e50 "Event: QueueMember\r\nQueue: %s\r\nName: %s\r\nLocation: %s\r\nStateInterface: %s\r\nMembership: %s\r\nPenalty: %d\r\nCallsTaken: %d\r\nLastCall: %d\r\nStatus: %d\r\nPaused: %d\r\nSkills: %s\r\n%s\r\n", max_len=0, buf=0xb18325ec) at asterisk-11.17.0/include/asterisk/strings.h:803 #6 astman_append (s=s@entry=0xb1832cf8, fmt=fmt@entry=0xb5e18e50 "Event: QueueMember\r\nQueue: %s\r\nName: %s\r\nLocation: %s\r\nStateInterface: %s\r\nMembership: %s\r\nPenalty: %d\r\nCallsTaken: %d\r\nLastCall: %d\r\nStatus: %d\r\nPaused: %d\r\nSkills: %s\r\n%s\r\n") at manager.c:2268 #7 0xb5df3a69 in manager_queues_status (s=0xb1832cf8, m=0xb1832af4) at app_queue.c:10027 #8 0x0817b9d0 in process_message (s=s@entry=0xb1832cf8, m=m@entry=0xb1832af4) at manager.c:5284 #9 0x0817eec9 in do_message (s=0xb1832cf8) at manager.c:5497 #10 session_do (data=0xb4347a7c) at manager.c:5618 #11 0x081f68e3 in handle_tcptls_connection (data=data@entry=0xb4347a7c) at tcptls.c:684 #12 0x0820472f in dummy_start (data=0xb49fe0d0) at utils.c:1223 #13 0xb720d954 in start_thread () from /lib/i386-linux-gnu/libpthread.so.0 #14 0xb771ec8e in clone () from /lib/i386-linux-gnu/libc.so.6 {code} The app_queue on this asterisk is slightly modified to add a "skill" attribute in the struct member, the attribute is an array, similar to the "interface" attribute. This is not a systematic problem, i.e. there's a lot of AMI "queue status" done on this asterisk and it segfaulted only one time. We don't know how to reproduce it. I have not included the whole backtrace since this happened on a production server and there is quite a lot of private information in it. Thank you | ||
| Comments: | By: Rusty Newton (rnewton) 2015-06-18 14:47:34.716-0500 [~jrose] assisted me in triaging this issue since we don't have a way to reproduce. Jrose's analysis of the trace didn't find anything leading to a cause. Unfortunately to further investigate we would require additional debug or a method of reproduction. I'll suspend the issue until we get further information as we don't have a way to pursue the issue. Feel free to contact a bug marshal in #asterisk-bugs on irc.freenode.net when you have further information. At that point we can reopen the issue. | ||