Summary: | ASTERISK-15538: coredump on T.38 Session with 1.6.2.1 | ||
Reporter: | Lorenz Barth (bartpbx) | Labels: | |
Date Opened: | 2010-01-28 04:29:41.000-0600 | Date Closed: | 2010-02-02 16:33:00.000-0600 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_sip/T.38 |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | We are currently again evaluation T.38 via Asterisk. We see the following coredump for every t.38 Session: #0 ast_udptl_write (s=0xb5d5a300, f=0x9af9f28) at udptl.c:1065 1065 len = udptl_build_packet(s, buf, sizeof(buf), f->data.ptr, len); bt: #0 ast_udptl_write (s=0xb5d5a300, f=0x9af9f28) at udptl.c:1065 #1 0xb6b4dfa2 in sip_write (ast=0xb60f0c68, frame=0x9af9f28) at chan_sip.c:6291 #2 0x0809dbb8 in ast_write (chan=0xb60f0c68, fr=0x9af9f28) at channel.c:3487 #3 0x08117492 in bridge_p2p_loop (c0=0xb60f0c68, c1=0x98c5410, p0=0xb5d00018, p1=0x99a10b8, timeoutms=-1, flags=<value optimized out>, fo=0xb5f43e78, rc=0xb5f43e74, pvt0=0xb5e5ebc8, pvt1=0x99ff440) at rtp.c:4350 #4 0x08120e95 in ast_rtp_bridge (c0=0xb60f0c68, c1=0x98c5410, flags=0, fo=0xb5f43e78, rc=0xb5f43e74, timeoutms=-1) at rtp.c:4554 ASTERISK-1 0x080a20ea in ast_channel_bridge (c0=0xb60f0c68, c1=0x98c5410, config=0xb5f44cfc, fo=0xb5f43e78, rc=0xb5f43e74) at channel.c:5186 ASTERISK-2 0x080c73df in ast_bridge_call (chan=0xb60f0c68, peer=0x98c5410, config=0xb5f44cfc) at features.c:2585 ASTERISK-3 0xb6a6ee6b in dial_exec_full (chan=0xb60f0c68, data=0xb5f46f14, peerflags=0xb5f44e50, continue_exec=0x0) at app_dial.c:2258 ASTERISK-4 0xb6a72bcd in dial_exec (chan=0xb60f0c68, data=0xb5f46f14) at app_dial.c:2342 ASTERISK-5 0x08105457 in pbx_exec (c=0xb60f0c68, app=0xb7b66030, data=0xb5f46f14) at pbx.c:1348 ASTERISK-6 0x08110206 in pbx_extension_helper (c=0xb60f0c68, con=0x0, context=0xb60f0ed8 "local", exten=0xb60f0f28 "<destination>", priority=1, label=0x0, callerid=0xb5e303f0 "<account>", action=E_SPAWN, found=0xb5f49348, combined_find_spawn=1) at pbx.c:3706 ASTERISK-7 0x0811257d in __ast_pbx_run (c=0xb60f0c68, args=0x0) at pbx.c:4165 ASTERISK-8 0x08113df0 in pbx_thread (data=0xb60f0c68) at pbx.c:4542 ASTERISK-9 0x081538cb in dummy_start (data=0xb60793e0) at utils.c:968 ASTERISK-10 0xb7dbc4c0 in start_thread () from /lib/i686/cmov/libpthread.so.0 ASTERISK-11 0xb7eb46de in clone () from /lib/i686/cmov/libc.so.6 | ||
Comments: | By: Raivis Rengelis (raivisr) 2010-01-28 06:19:40.000-0600 Most likely reason is the same as for bug 0016634, remote end does not send T38FaxMaxDatagram attribute in sdp, asterisk does not initialize far_max_datagram to a reasonable value and tries to allocate buffer with -1 bytes. Please try hack posted on https://issues.asterisk.org/view.php?id=16634 By: Leif Madsen (lmadsen) 2010-01-28 10:06:55.000-0600 I believe this is a duplicate issue of 1 or more currently open issues, so I'm going to close this for now. I've associated the duplicate issues here. By: Leif Madsen (lmadsen) 2010-01-28 10:14:14.000-0600 OK, marking this as private now that it is assigned to dvossel. This is definitely a duplicate of the other open issues, which are currently being worked on by dvossel as this is considered a security issue. By: Digium Subversion (svnbot) 2010-02-02 16:27:25.000-0600 Repository: asterisk Revision: 244443 U trunk/channels/chan_sip.c U trunk/include/asterisk/udptl.h U trunk/main/udptl.c ------------------------------------------------------------------------ r244443 | dvossel | 2010-02-02 16:27:24 -0600 (Tue, 02 Feb 2010) | 18 lines fixes crash during T.38 negotiation caused by invalid or missing FaxMaxDatagram field AST-2010-001 (closes issue ASTERISK-15457) Reported by: krn (closes issue ASTERISK-15538) Reported by: barthpbx (closes issue ASTERISK-15371) Reported by: bklang (closes issue ASTERISK-15343) Reported by: elsto ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=244443 By: Digium Subversion (svnbot) 2010-02-02 16:29:40.000-0600 Repository: asterisk Revision: 244445 _U branches/1.6.2/ U branches/1.6.2/channels/chan_sip.c U branches/1.6.2/include/asterisk/udptl.h U branches/1.6.2/main/udptl.c ------------------------------------------------------------------------ r244445 | dvossel | 2010-02-02 16:29:38 -0600 (Tue, 02 Feb 2010) | 23 lines Merged revisions 244443 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ........ r244443 | dvossel | 2010-02-02 16:27:23 -0600 (Tue, 02 Feb 2010) | 18 lines fixes crash during T.38 negotiation caused by invalid or missing FaxMaxDatagram field AST-2010-001 (closes issue ASTERISK-15457) Reported by: krn (closes issue ASTERISK-15538) Reported by: barthpbx (closes issue ASTERISK-15371) Reported by: bklang (closes issue ASTERISK-15343) Reported by: elsto ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=244445 By: Digium Subversion (svnbot) 2010-02-02 16:31:32.000-0600 Repository: asterisk Revision: 244446 _U branches/1.6.1/ U branches/1.6.1/channels/chan_sip.c U branches/1.6.1/include/asterisk/udptl.h U branches/1.6.1/main/udptl.c ------------------------------------------------------------------------ r244446 | dvossel | 2010-02-02 16:31:30 -0600 (Tue, 02 Feb 2010) | 23 lines Merged revisions 244443 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ........ r244443 | dvossel | 2010-02-02 16:27:23 -0600 (Tue, 02 Feb 2010) | 18 lines fixes crash during T.38 negotiation caused by invalid or missing FaxMaxDatagram field AST-2010-001 (closes issue ASTERISK-15457) Reported by: krn (closes issue ASTERISK-15538) Reported by: barthpbx (closes issue ASTERISK-15371) Reported by: bklang (closes issue ASTERISK-15343) Reported by: elsto ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=244446 By: Digium Subversion (svnbot) 2010-02-02 16:32:58.000-0600 Repository: asterisk Revision: 244447 _U branches/1.6.0/ U branches/1.6.0/channels/chan_sip.c U branches/1.6.0/include/asterisk/udptl.h U branches/1.6.0/main/udptl.c ------------------------------------------------------------------------ r244447 | dvossel | 2010-02-02 16:32:56 -0600 (Tue, 02 Feb 2010) | 23 lines Merged revisions 244443 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ........ r244443 | dvossel | 2010-02-02 16:27:23 -0600 (Tue, 02 Feb 2010) | 18 lines fixes crash during T.38 negotiation caused by invalid or missing FaxMaxDatagram field AST-2010-001 (closes issue ASTERISK-15457) Reported by: krn (closes issue ASTERISK-15538) Reported by: barthpbx (closes issue ASTERISK-15371) Reported by: bklang (closes issue ASTERISK-15343) Reported by: elsto ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=244447 |