[asterisk-bugs] [Asterisk 0013240]: Execute Playtones(Busy) from AGI and Asterisk crash

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Aug 5 19:47:54 CDT 2008 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=13240 
====================================================================== 
Reported By:                jvandal
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   13240
Category:                   Core/Channels
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     new
Asterisk Version:           1.4.21.2 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2008-08-05 11:11 CDT
Last Modified:              2008-08-05 19:47 CDT
====================================================================== 
Summary:                    Execute Playtones(Busy) from AGI and Asterisk crash
Description: 
I have an AGi that execute the Playtones(busy) application and when I dial
this exten from IAX phone (Zoiper), asterisk crash.

If I dial from a SIP phone, all work as expected.
====================================================================== 

---------------------------------------------------------------------- 
 (0091122) putnopvut (administrator) - 2008-08-05 19:47
 http://bugs.digium.com/view.php?id=13240#c91122 
---------------------------------------------------------------------- 
Just using your backtrace, it appears as though the voice frame passed to
ast_slinfactory_feed has a subclass of 0. This mean that the frame has no
format associated with it. This causes ast_translator_build_path to attempt
to access a negative array index, thus causing a crash.

The question, then, is why there is no format associated with the voice
frame. The frame is generated in ast_prod(), where a voice frame with
format equal to the channel's "rawwriteformat" is written. I would guess,
then, that the rawwriteformat of the channel is 0, which seems as though it
should not be possible.

The first thing that would be helpful would be to confirm that this is the
case. For some reason, symbol table info isn't available for functions near
the top of the stack in your backtrace, and frame 10 appears to be the
closest frame to the top that has information. Please open the core dump in
gdb, and issue the following two commands:

f 10
p chan->rawwriteformat

If what I've said is correct, then gdb should display "0" for the value of
chan->rawwriteformat. 

Also, what type of channel is the AGI being executed on? 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-08-05 19:47 putnopvut      Note Added: 0091122                          
======================================================================

More information about the asterisk-bugs mailing list