[asterisk-bugs] [Asterisk 0010507]: Nonexistent extension makes crash asterisk

noreply at bugs.digium.com noreply at bugs.digium.com
Tue Aug 21 10:01:43 CDT 2007 

The following issue has been UPDATED. 
====================================================================== 
http://bugs.digium.com/view.php?id=10507 
====================================================================== 
Reported By:                maxper
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   10507
Category:                   Channels/chan_mgcp
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     new
Asterisk Version:            1.4.8  
SVN Branch (only for SVN checkouts, not tarball releases): N/A  
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             08-21-2007 03:17 CDT
Last Modified:              08-21-2007 10:01 CDT
====================================================================== 
Summary:                    Nonexistent extension makes crash asterisk
Description: 
Asterisk any version (tested on 1.4.8 and 1.4.9, should be on others too).
Phones that we used to reproduce the bug: Swissvoice IP10S.
When I dial any extension that is invalid asterisk sends the busy signal,
and that's right. As soon I digit, after the busy signal any other key on
the phone, asterisk segfaults at line 3244 of chan_mgcp.c
It seems that the system, on the second part of the if condition
(sub->owner->_state >=  AST_STATE_UP)
has the sub->owner struct member pointing to an invalid location for some
reason.
As a solution that seems to work and that doesn't show and collateral
effects, I patched the file (patch in additional information).

To reproduce the bug, just add a phone to mgcp.conf,
point it to a context and add an extension to that context. As soon as you
digit something that is NOT that extension it gives busy and, after that,
it crashes.
Hope it helps
Massimiliano Perantoni
====================================================================== 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
08-21-07 10:01  russell        View Status              private => public   
======================================================================

More information about the asterisk-bugs mailing list