No subject


Thu Jul 12 09:23:04 CDT 2007 

==12656== Invalid read of size 1
==12656==    at 0x401E768: strlen (mc_replace_strmem.c:242)
==12656==    by 0x4F23163: vfprintf (in /lib/tls/i686/cmov/libc-2.3.6.so)
==12656==    by 0x4F40F80: vsnprintf (in
/lib/tls/i686/cmov/libc-2.3.6.so)
==12656==    by 0x8100E03: ast_dynamic_str_thread_build_va (utils.c:1294)
==12656==    by 0x80B306C: ast_log (logger.c:783)
==12656==    by 0x5A03C66: ??? (chan_sip.c:15381)
==12656==    by 0x80AD830: ast_io_wait (io.c:279)
==12656==    by 0x5A046CF: ??? (chan_sip.c:15603)
==12656==    by 0x80FFFB4: dummy_start (utils.c:852)
==12656==    by 0x403123F: start_thread (in
/lib/tls/i686/cmov/libpthread-2.3.6.so)
==12656==    by 0x4FAF49D: clone (in /lib/tls/i686/cmov/libc-2.3.6.so)
==12656==  Address 0x6274251 is 137 bytes inside a block of size 240
free'd
==12656==    at 0x401D40C: free (vg_replace_malloc.c:323)
==12656==    by 0x8072362: __ast_free_region (astmm.c:174)
==12656==    by 0x80726EE: __ast_free (astmm.c:208)
==12656==    by 0x808204A: ast_channel_free (channel.c:1254)
==12656==    by 0x8082A22: ast_hangup (channel.c:1496)
==12656==    by 0x80C3BCE: __ast_pbx_run (pbx.c:2563)
==12656==    by 0x80C3DB2: pbx_thread (pbx.c:2623)
==12656==    by 0x80FFFB4: dummy_start (utils.c:852)
==12656==    by 0x403123F: start_thread (in
/lib/tls/i686/cmov/libpthread-2.3.6.so)
==12656==    by 0x4FAF49D: clone (in /lib/tls/i686/cmov/libc-2.3.6.so)


==12656== Invalid read of size 1
==12656==    at 0x401F2A0: mempcpy (mc_replace_strmem.c:676)
==12656==    by 0x4F46042: _IO_default_xsputn (in
/lib/tls/i686/cmov/libc-2.3.6.so)
==12656==    by 0x4F22DA7: vfprintf (in /lib/tls/i686/cmov/libc-2.3.6.so)
==12656==    by 0x4F40F80: vsnprintf (in
/lib/tls/i686/cmov/libc-2.3.6.so)
==12656==    by 0x8100E03: ast_dynamic_str_thread_build_va (utils.c:1294)
==12656==    by 0x80B306C: ast_log (logger.c:783)
==12656==    by 0x5A03C66: ??? (chan_sip.c:15381)
==12656==    by 0x80AD830: ast_io_wait (io.c:279)
==12656==    by 0x5A046CF: ??? (chan_sip.c:15603)
==12656==    by 0x80FFFB4: dummy_start (utils.c:852)
==12656==    by 0x403123F: start_thread (in
/lib/tls/i686/cmov/libpthread-2.3.6.so)
==12656==    by 0x4FAF49D: clone (in /lib/tls/i686/cmov/libc-2.3.6.so)
==12656==  Address 0x6274267 is 159 bytes inside a block of size 240
free'd
==12656==    at 0x401D40C: free (vg_replace_malloc.c:323)
==12656==    by 0x8072362: __ast_free_region (astmm.c:174)
==12656==    by 0x80726EE: __ast_free (astmm.c:208)
==12656==    by 0x808204A: ast_channel_free (channel.c:1254)
==12656==    by 0x8082A22: ast_hangup (channel.c:1496)
==12656==    by 0x80C3BCE: __ast_pbx_run (pbx.c:2563)
==12656==    by 0x80C3DB2: pbx_thread (pbx.c:2623)
==12656==    by 0x80FFFB4: dummy_start (utils.c:852)
==12656==    by 0x403123F: start_thread (in
/lib/tls/i686/cmov/libpthread-2.3.6.so)
==12656==    by 0x4FAF49D: clone (in /lib/tls/i686/cmov/libc-2.3.6.so)

These are also chan_sip.c:do_monitor related. It seems do_monitor really
likes to free stuff while other threads are using it or use stuff other
threads have disposed of. Did something change around 1.4.11 or so with
do_monitor locking? 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
02-13-08 14:24  norman         Note Added: 0082176                          
======================================================================

More information about the asterisk-bugs mailing list