[asterisk-bugs] [Asterisk 0012017]: Asterisk crashes on dial_exec_full

noreply at bugs.digium.com noreply at bugs.digium.com
Tue Feb 26 02:33:39 CST 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=12017 
====================================================================== 
Reported By:                agupta
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   12017
Category:                   Core-General
Reproducibility:            random
Severity:                   crash
Priority:                   normal
Status:                     feedback
Asterisk Version:           1.4.18 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             02-18-2008 08:41 CST
Last Modified:              02-26-2008 02:33 CST
====================================================================== 
Summary:                    Asterisk crashes on dial_exec_full
Description: 
Asterisk crashes intermittently after 2-3 hours of calling.

There is corruption on some variables and opt_args is out of bounds.

0x00710c49 in dial_exec_full (chan=0x99e3b90, data=0xb760cf48,
peerflags=0xb760ae14, continue_exec=0x0) at app_dial.c:1334
	res = 0
	u = (struct ast_module_user *) 0x9a02b90
	rest = 0x0
	cur = 0x0
	outgoing = (struct dial_localuser *) 0x9a6e9f0
	peer = (struct ast_channel *) 0x813bcd6
	to = -1
	numbusy = 0
	numcongestion = 0
	numnochan = 0
	cause = 0
	numsubst =
"g1/9873225386\000`·|¬`·ô¯[\000\\«`·D­`·H¬`·dÏM\000\\«`·W\213\024\b\224¬`·D­`·\000\000\000\000ü«`·O\000\000\000\001\200­ûD­`·D­`·D­`·D­`·_­`·\223­`·D­`·\223­`·",
'\0' <repeats 20 times>,
"À´[\000\000\000\000\000/øM\000\000\000\000ÿ\000\000\000\000\036\001N\000À´[\000\000 û4:\000\000\000\000\000\000\000ô¯[\000\000\000\0004ÿÿÿÿ\004¬`·\034÷M\000À´[\000ÿÿÿÿ\037\000\000\000\037\000\000\000\033 û·\001\000\000\000(¬"...
	cidname = '\0' <repeats 79 times>
	privdb_val = 0
	calldurationlimit = 0
	timelimit = 0
	play_warning = 0
	warning_freq = 0
	warning_sound = 0x0
	end_sound = 0x0
	start_sound = 0x0
	dtmfcalled = 0x0
	dtmfcalling = 0x0
	status = "NOANSWER\000GS", '\0' <repeats 244 times>
	play_to_caller = 0
	play_to_callee = 0
	sentringing = 1
	moh = 0
	outbound_group = 0x0
	result = 0
	start_time = 1203336508
	privintro = "m\213\024\bW\213\024\b\006\000\000\000\n", '\0' <repeats 15
times>, "\n\000\000\000¢ª`·", '\0' <repeats 12 times>, "\003!N", '\0'
<repeats 13 times>,
"\001\000\000\000ؼ\023\b\000\000\000\000'O§\tô¯[\000L¬`·ä]\022\b(¬`·ï§K\000L¬`·Ö¼\023\b\002\000\000\000\001\000\000\000\003\f\024\b\000\000\000\000%O§\tô¯[\000\001\f\024\b\002\000\000\000\000¬`·²¯K\000|¬`·\001\f\024\b\002",
'\0' <repeats 15 times>, "
¬`·Ç«K\000²Î`·´«`·0¬`·à¬`·m\213\024\bÄ«`·\020Ï`·\000\000\000\000k\213\024"...
	privcid =
"ô¯[\000\000\000\000\000ÿÿÿÿ\033\000\000\000m\213\024\bW\213\024\b\006\000\000\000\n",
'\0' <repeats 15 times>, "\n\000\000\000²©`·", '\0' <repeats 12 times>,
"\003!N", '\0' <repeats 17 times>,
"m\213\024\b\000\000\000\000_­`·ô¯[\000l\213\024\b\001\000\000\0008«`·²¯K\000\\«`·l\213\024\b\001\000\000\000\000\000\000\000¡)\024\b\002\000\000\000X«`·Ç«K\000|«`·¡)\024\b\020«`·\000\000\000\000\224\n\023\b¤ª`·\n\000\000\000Ç«K\000\000\000\000\000\000\000\000\0000«`·Ø«`·\000\000\000\000(\000\000\000\000\000\000\000ð«`·",
'\0' <repeats 16 times>...
	parse = 0xb760a020 "Zap"
	opermode = 0
	args = {argc = 3, argv = 0xb760a4a8, peers = 0xb760a020 "Zap", timeout =
0xb760a032 "", options = 0xb760a033 "o", url = 0x0}
	opts = {flags = 16384}
	opt_args = {0x0, 0x0, 0x0, 0x0, 0x0, 0x28 <Address 0x28 out of bounds>,
0x0, 0xb760ab00 "", 0x0}
	datastore = (struct ast_datastore *) 0x9a57210
	fulldial = 0
	num_dialed = 1
	__PRETTY_FUNCTION__ = "dial_exec_full"
====================================================================== 

---------------------------------------------------------------------- 
 agupta - 02-26-08 02:33  
---------------------------------------------------------------------- 
Again a core dump. And again I think the same ast_queue_frame and same
pointer cur seems corrupt.


Program terminated with signal 11, Segmentation fault.
#0  0x080816da in ast_queue_frame (chan=0x929eee8, fin=0x9374a94)
    at channel.c:900
900             if ((cur = AST_LIST_LAST(&chan->readq)) && (cur->frametype == AST_FRAME_CONTROL) && (cur->subclass == AST_CONTROL_HANGUP)) {
(gdb) bt full
#0  0x080816da in ast_queue_frame (chan=0x929eee8, fin=0x9374a94)
    at channel.c:900
        f = (struct ast_frame *) 0xb6a22d40
        cur = (struct ast_frame *) 0x63
        blah = 1
        qlen = 0
        __PRETTY_FUNCTION__ = "ast_queue_frame" 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
02-26-08 02:33  agupta         Note Added: 0082948                          
======================================================================



