Summary: | ASTERISK-18909: Infinite loop in dialplan pattern parsing | ||
Reporter: | Luke-Jr (luke-jr) | Labels: | |
Date Opened: | 2011-11-22 13:30:37.000-0600 | Date Closed: | 2011-12-08 19:30:16.000-0600 |
Priority: | Minor | Regression? | No |
Status: | Closed/Complete | Components: | Core/PBX |
Versions: | 1.6.2.15 10.0.0-rc2 | Frequency of Occurrence | Constant |
Related Issues: | |||
Environment: | Attachments: | ||
Description: | Inside a character range (ie, '[' CHARS ']'), in a dialplan pattern (ie, '_' CHARS), if a backslash ('\') is followed by any character other than a backslash, close-bracket (']'), dash ('-'), or open-bracket ('['), the Asterisk thread will loop indefinitely, since it never moves on to the next character of the pattern. This affect's Debian's 1.6.2.9 as well as the current 1.0.0-rc2, and I presume every version in between. | ||
Comments: | By: Luke-Jr (luke-jr) 2011-11-22 13:32:11.948-0600 Relevant backtrace from 1.6.2.9 (the pattern is '_![\|]!'): Thread 2 (Thread 0xb4fc9b70 (LWP 10970)): #0 add_exten_to_pattern_tree (con=<value optimized out>, e1=<value optimized out>, findonly=<value optimized out>) at pbx.c:1910 #1 0x080ef93e in create_match_char_tree (chan=0x0, bypass=0x0, q=0xb4fc7f6c, context=0xa30159c "GSIP", exten=0xa3015ec "a|b", priority=1, label=0x0, callerid=0xa34ebe0 "14022181954", action=E_MATCH) at pbx.c:2015 #2 pbx_find_extension (chan=0x0, bypass=0x0, q=0xb4fc7f6c, context=0xa30159c "GSIP", exten=0xa3015ec "a|b", priority=1, label=0x0, callerid=0xa34ebe0 "14022181954", action=E_MATCH) at pbx.c:2537 #3 0x080f1aa3 in pbx_extension_helper (c=0x0, con=<value optimized out>, context=<value optimized out>, exten=0xa3015ec "a|b", priority=1, label=0x0, callerid=0xa34ebe0 "14022181954", action=E_MATCH, found=0x0, combined_find_spawn=0) at pbx.c:3663 #4 0x080f2dd7 in ast_exists_extension (c=0x0, context=0xa30159c "GSIP", exten=0xa3015ec "a|b", priority=1, callerid=0xa34ebe0 "14022181954") at pbx.c:4156 ... By: Luke-Jr (luke-jr) 2011-11-22 13:33:30.114-0600 context testcase { _![\|]! => NoOP(); }; By: Luke-Jr (luke-jr) 2011-12-08 19:38:05.714-0600 Which versions will this fix be part of? 10.0 and which backports? By: Richard Mudgett (rmudgett) 2011-12-08 19:47:46.407-0600 See the "Subversion Commits" tab for where the patch was committed. Regular maintenance fixes currently only go into v1.8 and newer. |