[asterisk-bugs] [Asterisk 0010204]: Encore Bluetooth Dongle: ENUBT-C1E (class1) No voice, crash on hangup

noreply at bugs.digium.com noreply at bugs.digium.com
Mon Sep 17 13:42:46 CDT 2007


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=10204 
====================================================================== 
Reported By:                murf
Assigned To:                dbowerman
====================================================================== 
Project:                    Asterisk
Issue ID:                   10204
Category:                   Addons/chan_mobile
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     feedback
Asterisk Version:            SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!):  
Disclaimer on File?:        Yes 
Request Review:              
====================================================================== 
Date Submitted:             07-14-2007 11:08 CDT
Last Modified:              09-17-2007 13:42 CDT
====================================================================== 
Summary:                    Encore Bluetooth  Dongle: ENUBT-C1E (class1) No
voice, crash on hangup
Description: 
With the Encore Class 1 Bluetooth dongle ENUBT-C1E, with Asterisk calling
out through a paired Samsung "Wafer" using Dial(), we get faintly crackly
audio, and no voice from the other end after it successfully dials out.
Asterisk seems to give up and hang up, and crashes in the process. The
phone seems to time out on the Bluetooth connection, and you can carry on
the conversation on the cellphone.

We end up dying in ast_translator_free_path.

====================================================================== 

---------------------------------------------------------------------- 
 murf - 09-17-07 13:42  
---------------------------------------------------------------------- 
I really have no idea (at the moment) of a way to attack this problem, so I
decided to "go to the basics", and use valgrind to see if there's anything
funky going on in the software...

And, during the chan_mobile load, I get:

==4828==
==4828== Conditional jump or move depends on uninitialised value(s)
==4828==    at 0x701900F: hci_for_each_dev (in /usr/lib/libbluetooth.so.1.0.24)
==4828==    by 0x7019101: hci_get_route (in /usr/lib/libbluetooth.so.1.0.24)
==4828==    by 0x700A2BD: ??? (chan_mobile.c:1951)
==4828==    by 0x80C3B2A: load_resource (loader.c:662)
==4828==    by 0x80C441C: load_modules (loader.c:854)
==4828==    by 0x8074D58: main (asterisk.c:2937)
==4828==
==4828== Syscall param socketcall.bind(my_addr.) points to uninitialised byte(s)
==4828==    at 0x4000772: (within /lib/ld-2.3.6.so)
==4828==    by 0x700A2CB: ??? (chan_mobile.c:1952)
==4828==    by 0x80C3B2A: load_resource (loader.c:662)
==4828==    by 0x80C441C: load_modules (loader.c:854)
==4828==    by 0x8074D58: main (asterisk.c:2937)
==4828==  Address 0xBEAEAF4A is on thread 1's stack
==4828==
==4828== Conditional jump or move depends on uninitialised value(s)
==4828==    at 0x700A2D3: ??? (chan_mobile.c:1953)
==4828==    by 0x80C3B2A: load_resource (loader.c:662)
==4828==    by 0x80C441C: load_modules (loader.c:854)
==4828==    by 0x8074D58: main (asterisk.c:2937)
  == Parsing '/etc/asterisk/mobile.conf':   == Found
==4828==
==4828== Conditional jump or move depends on uninitialised value(s)
==4828==    at 0x701900F: hci_for_each_dev (in /usr/lib/libbluetooth.so.1.0.24)
==4828==    by 0x701937E: hci_devid (in /usr/lib/libbluetooth.so.1.0.24)
==4828==    by 0x7009860: ??? (chan_mobile.c:1773)
==4828==    by 0x700A328: ??? (chan_mobile.c:1960)
==4828==    by 0x80C3B2A: load_resource (loader.c:662)
==4828==    by 0x80C441C: load_modules (loader.c:854)
==4828==    by 0x8074D58: main (asterisk.c:2937)
==4828==
==4828== Syscall param socketcall.bind(my_addr.) points to uninitialised byte(s)
==4828==    at 0x4000772: (within /lib/ld-2.3.6.so)
==4828==    by 0x7009874: ??? (chan_mobile.c:1774)
==4828==    by 0x700A328: ??? (chan_mobile.c:1960)
==4828==    by 0x80C3B2A: load_resource (loader.c:662)
==4828==    by 0x80C441C: load_modules (loader.c:854)
==4828==    by 0x8074D58: main (asterisk.c:2937)
==4828==  Address 0xBEAEAEAA is on thread 1's stack
==4828==
==4828== Conditional jump or move depends on uninitialised value(s)
==4828==    at 0x7009884: ??? (chan_mobile.c:1776)
==4828==    by 0x700A328: ??? (chan_mobile.c:1960)
==4828==    by 0x80C3B2A: load_resource (loader.c:662)
==4828==    by 0x80C441C: load_modules (loader.c:854)
==4828==    by 0x8074D58: main (asterisk.c:2937)
[Sep 17 07:30:51] ERROR[4832]: chan_mobile.c:1777 mbl_load_config: Unable to open adapter iogear_gbu221. It wont be enabled.
[Sep 17 07:30:51] ERROR[4832]: chan_mobile.c:1777 mbl_load_config: Unable to open adapter asus. It wont be enabled.
==4828==
==4828== Invalid read of size 1
==4828==    at 0x401E398: memcpy (mac_replace_strmem.c:394)
==4828==    by 0x701EFC9: sdp_gen_pdu (in /usr/lib/libbluetooth.so.1.0.24)
==4828==    by 0x701FADB: sdp_append_to_pdu (in /usr/lib/libbluetooth.so.1.0.24)
==4828==    by 0x701FB23: (within /usr/lib/libbluetooth.so.1.0.24)
==4828==    by 0x701C025: sdp_gen_record_pdu (in /usr/lib/libbluetooth.so.1.0.24)
==4828==    by 0x701E306: sdp_device_record_register (in /usr/lib/libbluetooth.so.1.0.24)
==4828==    by 0x701E4AF: sdp_record_register (in /usr/lib/libbluetooth.so.1.0.24)
==4828==    by 0x70070D4: ??? (chan_mobile.c:1150)
==4828==    by 0x700A379: ??? (chan_mobile.c:1965)
==4828==    by 0x80C3B2A: load_resource (loader.c:662)
==4828==    by 0x80C441C: load_modules (loader.c:854)
==4828==    by 0x8074D58: main (asterisk.c:2937)
==4828==  Address 0x5ED62E5 is 0 bytes after a block of size 13 alloc'd
==4828==    at 0x401C422: malloc (vg_replace_malloc.c:149)
==4828==    by 0x701BA63: sdp_data_alloc_with_length (in /usr/lib/libbluetooth.so.1.0.24)
==4828==    by 0x701BC5C: sdp_data_alloc (in /usr/lib/libbluetooth.so.1.0.24)
==4828==    by 0x701E4DE: sdp_attr_add_new (in /usr/lib/libbluetooth.so.1.0.24)
==4828==    by 0x701E77D: sdp_set_info_attr (in /usr/lib/libbluetooth.so.1.0.24)
==4828==    by 0x7007033: ??? (chan_mobile.c:1145)
==4828==    by 0x700A379: ??? (chan_mobile.c:1965)
==4828==    by 0x80C3B2A: load_resource (loader.c:662)
==4828==    by 0x80C441C: load_modules (loader.c:854)
==4828==    by 0x8074D58: main (asterisk.c:2937)
  == Registered application 'MobileStatus'
  == Registered application 'MobileSendSMS'
  == Registered channel type 'Mobile' (Bluetooth Mobile Device Channel Driver)

I don't know if any of the above might affect anything.... I checked, and
the io_pipe array is not initialized when the pvt struct is created. While
this might not mean anything, it **is** good form to initialize all fields,
just in case....

valgrind reports several such violations in various places throughout
Asterisk; one in the sqlite interface is particularly disturbing... the
trouble with memory issues is that a problem in a far-away, unrelated
chunk of code can affect your code in unpredictable ways...

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
09-17-07 13:42  murf           Note Added: 0070685                          
======================================================================
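
Added example (not part of the original bug note and not chan_mobile code): a C sketch of the initialization discipline the note asks for, covering both an address structure handed to bind() and a private structure holding an io_pipe pair. The names demo_addr, demo_pvt and the demo_* functions are hypothetical stand-ins, and treating the bind() warnings as caused by a partially filled stack structure is an assumption.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical stand-ins: these are not chan_mobile's real structures. */
struct demo_addr {            /* shaped like a small sockaddr */
    unsigned short family;
    unsigned short dev;
    unsigned short channel;   /* easy to forget when filling fields by hand */
};

struct demo_pvt {
    int io_pipe[2];           /* descriptors created later with pipe() */
    char id[32];
};

/* Zero the whole structure first so every byte passed to bind() is defined. */
void demo_addr_init(struct demo_addr *a, unsigned short family, unsigned short dev)
{
    memset(a, 0, sizeof(*a));
    a->family = family;
    a->dev = dev;
}

/* calloc gives defined contents; -1 marks "no descriptor opened yet". */
struct demo_pvt *demo_pvt_new(const char *id)
{
    struct demo_pvt *p = calloc(1, sizeof(*p));
    if (!p)
        return NULL;
    p->io_pipe[0] = p->io_pipe[1] = -1;
    strncpy(p->id, id, sizeof(p->id) - 1);   /* calloc keeps it NUL-terminated */
    return p;
}

/* Safe on a pvt whose pipe was never opened; returns how many fds were closed. */
int demo_pvt_destroy(struct demo_pvt *p)
{
    int closed = 0;
    if (!p)
        return 0;
    for (int i = 0; i < 2; i++) {
        if (p->io_pipe[i] >= 0 && close(p->io_pipe[i]) == 0)
            closed++;
    }
    free(p);
    return closed;
}
```

With the -1 sentinel, a hangup path that tears down a channel before its pipe was ever created closes nothing, instead of calling close() on whatever values happened to be in memory.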



