| Summary: | ASTERISK-19435: Asterisk segfaults in app_alarmreceiver | ||
| Reporter: | Deon George (leenooks) | Labels: | |
| Date Opened: | 2012-02-27 21:16:54.000-0600 | Date Closed: | 2012-09-05 11:04:07 |
| Priority: | Major | Regression? | |
| Status: | Closed/Complete | Components: | Applications/app_alarmreceiver |
| Versions: | 1.8.9.0 1.8.9.2 | Frequency of Occurrence | Constant |
| Related Issues: | |||
| Environment: | Linux Centos 5.7 (updated) (32bit) Asterisk 1.8.9.2 (from asterisk-1.8 repos) (Problem also existed on 1.6.2) | Attachments: | ( 0) 0001-Fix-bug-ASTERISK-19435.patch ( 1) asterisk-alarmreceiver.patch |
| Description: | App alarm receive causes an asterisk segfault when receiving an alarm from an alarm panel. GDB-backtrace: Core was generated by `/usr/sbin/asterisk -f -U asterisk -G asterisk -vvvg -c'. Program terminated with signal 11, Segmentation fault. #0 0x008d9979 in strcasecmp () from /lib/libc.so.6 (gdb) bt #0 0x008d9979 in strcasecmp () from /lib/libc.so.6 #1 0x080b936c in ast_write () #2 0x00d5a64d in send_tone_burst (chan=0x9649cc8, freq=1400, duration=100, tldn=2048) at app_alarmreceiver.c:212 #3 0x00d5b2b5 in receive_ademco_contact_id (chan=0x9649cc8, data=0x81be1de "") at app_alarmreceiver.c:450 #4 alarmreceiver_exec (chan=0x9649cc8, data=0x81be1de "") at app_alarmreceiver.c:615 #5 0x081405db in pbx_exec () #6 0x081512ed in pbx_extension_helper () #7 0x0815469f in __ast_pbx_run () #8 0x08157230 in pbx_thread () #9 0x081946ab in dummy_start () #10 0x0038d832 in start_thread () from /lib/libpthread.so.0 #11 0x0093a46e in clone () from /lib/libc.so.6 From what I can see, the problem could be that fr->src is used in ast_write() {strcasecmp(fr->src, "ast_prod")}, however fr->src (which is wf->src) is not set in app_alarmreceiver.c. This seems to be introduced in changeset 276652 | ||
| Comments: | By: Deon George (leenooks) 2012-02-28 00:54:07.023-0600 Fixes segfault in app_alarmreciever By: Deon George (leenooks) 2012-02-28 00:55:26.212-0600 I fixed this problem with the attached patch (basically setting wf.src = "" before calling ast_write(). By: Matt Jordan (mjordan) 2012-03-13 08:52:49.678-0500 Deon: since app_alarmreceiver is an extended support module, patches for it are typically handled by the Asterisk community. You may want to see if someone with commit access on #asterisk-dev or on the developer mailing list would be willing to take a look at your patch and confirm that it is the correct fix for this problem, and commit it. By: Kaloyan Kovachev (knk) 2012-03-15 06:20:44.172-0500 I think the correct fix should be to revert 276652 and replace it with: if (chan->generatordata && fr->src && strcasecmp(fr->src, "ast_prod")) { It looks strange to skip all frame processing and treat it as ast_prod when fr->src is NULL By: Pedro Kiefer (pedrokiefer) 2012-07-20 11:40:51.585-0500 I've send another patch to the mailing list. Using the same structure as app_fax, app_festival and app_mp3. By: Pedro Kiefer (pedrokiefer) 2012-07-20 12:19:30.383-0500 Set ast_frame.src to __FUNCTION__ as per app_fax, app_festival and app_mp3. | ||