[asterisk-bugs] [Asterisk 0014019]: Starting or restarting asterisk causes seg fault and core dump, apparently in ael/pval.c:4833

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Dec 9 10:32:08 CST 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=14019 
====================================================================== 
Reported By:                ckjohnsonme
Assigned To:                murf
====================================================================== 
Project:                    Asterisk
Issue ID:                   14019
Category:                   PBX/pbx_ael
Reproducibility:            sometimes
Severity:                   crash
Priority:                   normal
Status:                     ready for testing
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 160852 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2008-12-03 20:11 CST
Last Modified:              2008-12-09 10:32 CST
====================================================================== 
Summary:                    Starting or restarting asterisk causes seg fault and
core dump, apparently in ael/pval.c:4833
Description: 
[root at freedom asterisk]# asterisk -V
Asterisk SVN-trunk-r160791
[root at freedom asterisk]# service asterisk start
Starting asterisk:                                         [  OK  ]
[root at freedom asterisk]# service asterisk restart
Shutting down asterisk: Asterisk ended with exit status 0
Asterisk shutdown normally.
                                                           [  OK  ]
Starting asterisk:                                         [  OK  ]
[root at freedom asterisk]# /usr/sbin/safe_asterisk: line 138: 11599
Segmentation fault      (core dumped) nice -n $PRIORITY
${ASTSBINDIR}/asterisk -f ${CLIARGS} ${ASTARGS} > /dev/${TTY} 2>&1 <
/dev/${TTY}
Asterisk ended with exit status 139
Asterisk exited on signal 11.
Automatically restarting Asterisk.
mpg123: no process killed
/usr/sbin/safe_asterisk: line 138: 11643 Segmentation fault      (core
dumped) nice -n $PRIORITY ${ASTSBINDIR}/asterisk -f ${CLIARGS} ${ASTARGS} >
/dev/${TTY} 2>&1 < /dev/${TTY}
Asterisk ended with exit status 139
Asterisk exited on signal 11.
Automatically restarting Asterisk.
mpg123: no process killed
/usr/sbin/safe_asterisk: line 138: 11688 Segmentation fault      (core
dumped) nice -n $PRIORITY ${ASTSBINDIR}/asterisk -f ${CLIARGS} ${ASTARGS} >
/dev/${TTY} 2>&1 < /dev/${TTY}
Asterisk ended with exit status 139
Asterisk exited on signal 11.
Automatically restarting Asterisk.
mpg123: no process killed
/usr/sbin/safe_asterisk: line 138: 11732 Segmentation fault      (core
dumped) nice -n $PRIORITY ${ASTSBINDIR}/asterisk -f ${CLIARGS} ${ASTARGS} >
/dev/${TTY} 2>&1 < /dev/${TTY}
Asterisk ended with exit status 139
Asterisk exited on signal 11.
Automatically restarting Asterisk.
mpg123: no process killed
/usr/sbin/safe_asterisk: line 138: 11775 Segmentation fault      (core
dumped) nice -n $PRIORITY ${ASTSBINDIR}/asterisk -f ${CLIARGS} ${ASTARGS} >
/dev/${TTY} 2>&1 < /dev/${TTY}
Asterisk ended with exit status 139
Asterisk exited on signal 11.
Automatically restarting Asterisk.
mpg123: no process killed

The problem occurs frequently but not reliably.  Starting asterisk service
usually causes one or more segfaults before safe_asterisk successfully
starts asterisk.
====================================================================== 

---------------------------------------------------------------------- 
 (0096012) svnbot (reporter) - 2008-12-09 10:32
 http://bugs.digium.com/view.php?id=14019#c96012 
---------------------------------------------------------------------- 
Repository: asterisk
Revision: 162013

U   branches/1.4/include/asterisk/ael_structs.h
U   branches/1.4/pbx/ael/ael.flex
U   branches/1.4/pbx/ael/ael_lex.c
U   branches/1.4/pbx/pbx_ael.c

------------------------------------------------------------------------
r162013 | murf | 2008-12-09 10:32:08 -0600 (Tue, 09 Dec 2008) | 45 lines

(closes issue http://bugs.digium.com/view.php?id=14019)
Reported by: ckjohnsonme
Patches:
      14019.diff uploaded by murf (license 17)
Tested by: ckjohnsonme, murf

This crash was the result of a few small errors that
would combine in 64-bit land to result in a crash.

32-bit land might have seen these combine to mysteriously
drop the args to an application call, in certain
circumstances.

Also, in trying to find this bug, I spotted
a situation in the flex input, where, in passing
back a 'word' to the parser, it would allocate
a buffer larger than necessary. I changed the
usage in such situations, so that strdup was
not used, but rather, an ast_malloc, followed
by ast_copy_string.

I removed a field from the pval struct, in
u2, that was never getting used, and set in
one spot in the code. I believe it was an
artifact of a previous fix to make switch
cases work invisibly with extens.

And, for goto's I removed a '!' from
before a strcmp, that has been there
since the initial merging of AEL2, that
might prevent the proper target of a 
goto from being found. This was pretty
harmless on its own, as it would just
louse up a consistency check for users.

Many thanks to ckjohnsonme for providing
a simplified and complete set of information
about the bug, that helped considerably in
finding and fixing the problem.

Now, to get aelparse up and running again
in trunk, and out of its "horribly broken" state,
so I can run the regression suite!


------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=162013 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-12-09 10:32 svnbot         Checkin                                      
2008-12-09 10:32 svnbot         Note Added: 0096012                          
======================================================================



