[asterisk-bugs] [Asterisk 0011052]: Passing a NULL value back from IF() to Set() on 64-bit crashes Asterisk

noreply at bugs.digium.com noreply at bugs.digium.com
Tue Oct 23 15:53:36 CDT 2007 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=11052 
====================================================================== 
Reported By:                blitzrage
Assigned To:                murf
====================================================================== 
Project:                    Asterisk
Issue ID:                   11052
Category:                   Functions/func_logic
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     assigned
Asterisk Version:           1.4.13  
SVN Branch (only for SVN checkouts, not tarball releases): N/A  
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             10-22-2007 12:43 CDT
Last Modified:              10-23-2007 15:53 CDT
====================================================================== 
Summary:                    Passing a NULL value back from IF() to Set() on
64-bit crashes Asterisk
Description: 
Here is the offending dialplan line:

exten => _X.,n,Set(RING_CYCLE=${IF($[${ISNULL(${ARG3})} &
${EXISTS(${RING_CYCLE})}]?${RING_CYCLE})})

If the IF() function returns NULL (false branch), then Asterisk will
crash. Doing:

Set(RING_CYCLE=)

Does not crash Asterisk, so it seems to be something that the IF() is
passing back. This works fine on a 32-bit OS.
====================================================================== 

---------------------------------------------------------------------- 
 murf - 10-23-07 15:53  
---------------------------------------------------------------------- 
OK, the problem is this:

1. the IF function in this case will evaluate to "<expr>?" with <expr>
replaced 
   by the above. This will will be handed to a parse call using ? as the
sep.
2. This separate_args will set arg1 to the <expr> and will set the
arg1.remainder 
   variable in the IF func body to NULL.
3. The next call to parse arg1.remainder fails to set arg2.iffalse, which
on
   certain 64-bit platforms, at certain moon phases, will have garbage in
   it, which will lead to a crash. 
4. Efforts to 'fix' the separate_args code to always set all args to
something
   ended in disaster. This was not the right way to fix it.
5. Added a check for this condition to the IF func code. This will now
see
   this kind of situation and log an error in the function input, and
return
   a -1 value. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
10-23-07 15:53  murf           Note Added: 0072431                          
======================================================================

More information about the asterisk-bugs mailing list