Summary: ASTERISK-19762: Segfault in ast_frdup when invalid data length specified in duplicated frame
Reporter: Benjamin (bulkorok)
Labels:
Date Opened: 2012-04-20 06:34:36
Date Closed: 2012-08-10 02:46:58
Priority: Critical
Regression?
Status: Closed/Complete
Components: Resources/res_fax
Versions: 1.8.11.0
Frequency of Occurrence: Frequent
Related Issues:
Environment: Linux version 2.6.32-5-amd64 (Debian 2.6.32-41squeeze2)
Attachments:
(0) ASTERISK-19762_fix.diff
(1) ASTERISK-19762.diff
(2) bt.txt
(3) bt_2.txt
(4) bt_full.txt
(5) bt_full_2.txt
Description:

Hi,

Asterisk crashes with segfault. I can not reproduce it. I suppose it comes from faxing with T.38 (bt.txt and bt_full.txt). There were about 8 segfaults in the past 4 days...

Any suggestions!?

regards, Benjamin
Comments:

By: Benjamin (bulkorok) 2012-04-23 10:31:36.202-0500
Hi, I checked the generated TIFF files from the fax receiver. They are OK. So it can not be a corrupted TIFF.

By: Benjamin (bulkorok) 2012-04-23 10:46:40.456-0500
Hi, found a similar issue: ASTERISK-17649

By: Benjamin (bulkorok) 2012-05-09 08:57:26.484-0500
Hi, I attached bt_2.txt and bt_full_2.txt. It's another segfault, fresh from today.

By: Benjamin (bulkorok) 2012-06-25 08:00:40.266-0500
I have another segfault today. The segfaults before occurred with res_fax_spandsp. I have licensed 4 Fax For Asterisk channels. Segfault with res_fax_digium.so too!

By: Kinsey Moore (kmoore) 2012-07-16 16:07:32.032-0500
Hello Benjamin,
Is this segfault reproducible with the tiff file you mentioned? Could you provide a console debug log to go along with the crash? Unfortunately, the backtrace is of limited usefulness since it does not capture where the frame is generated, but I have a lead to follow in udptl.c.
Kinsey

By: Benjamin (bulkorok) 2012-07-30 02:33:05.486-0500
Hello Kinsey,
unfortunately I can not reproduce the error with the file. I opened a Digium Support Case in our account where I attached many log files from when the segfault occurs. The Digium Case number is 00285432. I hope that you will find all information you need there. I will try to catch everything you need...
Benjamin

By: Kinsey Moore (kmoore) 2012-08-06 08:04:59.340-0500
Benjamin,
The only pcap I can find from you is 1342181407.3900.pcap along with log files cli-capture_stripped.txt and manager-fax-output_stripped.txt. The pcap looks to be mostly alright even though it opens with an error mentioning a partial packet at the end, and I can see no indication of the segfault occurring in either log file. Can you verify that these are the correct log files and that they hold the activity surrounding the segfault? The only possible problem with the code I can see right now is seqno overflow and I am not sure that it would cause the problems you are seeing.
In the meantime, could you try out the patch attached to ASTERISK-19373?
Kinsey

By: Benjamin (bulkorok) 2012-08-06 08:12:21.726-0500
Hi Kinsey,
I sent a new backtrace and cli-, manager- and sip+rtp+udptl-flow to the open Digium Support ticket 00285432. I will try the patch you mentioned. Do you know if there is a message or something when the failure happens?!
Benjamin

By: Kinsey Moore (kmoore) 2012-08-06 09:23:53.548-0500
Attached patch for additional debugging.

By: Kinsey Moore (kmoore) 2012-08-07 09:08:36.823-0500
Added possible fix. ASTERISK-19762_fix.diff

By: Benjamin (bulkorok) 2012-08-08 01:49:12.899-0500
Should I keep the patch from https://issues.asterisk.org/jira/secure/attachment/44225/ASTERISK-19373.diff ?! Or just insert the changes from https://issues.asterisk.org/jira/secure/attachment/44235/ASTERISK-19762_fix.diff ?

By: Kinsey Moore (kmoore) 2012-08-09 08:37:28.570-0500
Benjamin confirmed this morning via IRC that the new patch fixes the segfaults as well.

By: Benjamin (bulkorok) 2012-08-10 02:46:58.694-0500
ASTERISK-19762_fix.diff solves the segfaulting. Big thanks to Kinsey!