[asterisk-bugs] [Asterisk 0012017]: Asterisk crashes on dial_exec_full
noreply at bugs.digium.com
noreply at bugs.digium.com
Tue Feb 26 02:33:39 CST 2008
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=12017
======================================================================
Reported By: agupta
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 12017
Category: Core-General
Reproducibility: random
Severity: crash
Priority: normal
Status: feedback
Asterisk Version: 1.4.18
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 02-18-2008 08:41 CST
Last Modified: 02-26-2008 02:33 CST
======================================================================
Summary: Asterisk crashes on dial_exec_full
Description:
Asterisk Crashes intermittently after 2-3 hours of calling .
There is corruption on some variables and opt_args is out of bounds .
0x00710c49 in dial_exec_full (chan=0x99e3b90, data=0xb760cf48,
peerflags=0xb760ae14, continue_exec=0x0) at app_dial.c:1334
res = 0
u = (struct ast_module_user *) 0x9a02b90
rest = 0x0
cur = 0x0
outgoing = (struct dial_localuser *) 0x9a6e9f0
peer = (struct ast_channel *) 0x813bcd6
to = -1
numbusy = 0
numcongestion = 0
numnochan = 0
cause = 0
numsubst =
"g1/9873225386\000`·|¬`·ô¯[\000\\«`·D`·H¬`·dÏM\000\\«`·W\213\024\b\224¬`·D`·\000\000\000\000ü«`·O\000\000\000\001\200ûD`·D`·D`·D`·_`·\223`·D`·\223`·",
'\0' <repeats 20 times>,
"À´[\000\000\000\000\000/øM\000\000\000\000ÿ\000\000\000\000\036\001N\000À´[\000\000 û4:\000\000\000\000\000\000\000ô¯[\000\000\000\0004ÿÿÿÿ\004¬`·\034÷M\000À´[\000ÿÿÿÿ\037\000\000\000\037\000\000\000\033 û·\001\000\000\000(¬"...
cidname = '\0' <repeats 79 times>
privdb_val = 0
calldurationlimit = 0
timelimit = 0
play_warning = 0
warning_freq = 0
warning_sound = 0x0
end_sound = 0x0
start_sound = 0x0
dtmfcalled = 0x0
dtmfcalling = 0x0
status = "NOANSWER\000GS", '\0' <repeats 244 times>
play_to_caller = 0
play_to_callee = 0
sentringing = 1
moh = 0
outbound_group = 0x0
result = 0
start_time = 1203336508
privintro = "m\213\024\bW\213\024\b\006\000\000\000\n", '\0' <repeats 15
times>, "\n\000\000\000¢ª`·", '\0' <repeats 12 times>, "\003!N", '\0'
<repeats 13 times>,
"\001\000\000\000ؼ\023\b\000\000\000\000'O§\tô¯[\000L¬`·ä]\022\b(¬`·ï§K\000L¬`·Ö¼\023\b\002\000\000\000\001\000\000\000\003\f\024\b\000\000\000\000%O§\tô¯[\000\001\f\024\b\002\000\000\000\000¬`·²¯K\000|¬`·\001\f\024\b\002",
'\0' <repeats 15 times>, "
¬`·Ç«K\000²Î`·´«`·0¬`·à¬`·m\213\024\bÄ«`·\020Ï`·\000\000\000\000k\213\024"...
privcid =
"ô¯[\000\000\000\000\000ÿÿÿÿ\033\000\000\000m\213\024\bW\213\024\b\006\000\000\000\n",
'\0' <repeats 15 times>, "\n\000\000\000²©`·", '\0' <repeats 12 times>,
"\003!N", '\0' <repeats 17 times>,
"m\213\024\b\000\000\000\000_`·ô¯[\000l\213\024\b\001\000\000\0008«`·²¯K\000\\«`·l\213\024\b\001\000\000\000\000\000\000\000¡)\024\b\002\000\000\000X«`·Ç«K\000|«`·¡)\024\b\020«`·\000\000\000\000\224\n\023\b¤ª`·\n\000\000\000Ç«K\000\000\000\000\000\000\000\000\0000«`·Ø«`·\000\000\000\000(\000\000\000\000\000\000\000ð«`·",
'\0' <repeats 16 times>...
parse = 0xb760a020 "Zap"
opermode = 0
args = {argc = 3, argv = 0xb760a4a8, peers = 0xb760a020 "Zap", timeout =
0xb760a032 "", options = 0xb760a033 "o", url = 0x0}
opts = {flags = 16384}
opt_args = {0x0, 0x0, 0x0, 0x0, 0x0, 0x28 <Address 0x28 out of bounds>,
0x0, 0xb760ab00 "", 0x0}
datastore = (struct ast_datastore *) 0x9a57210
fulldial = 0
num_dialed = 1
__PRETTY_FUNCTION__ = "dial_exec_full"
======================================================================
----------------------------------------------------------------------
agupta - 02-26-08 02:33
----------------------------------------------------------------------
Again a core dump . And again i think the same ast_queue_frame and same
pointer cur seems corrupt .
Program terminated with signal 11, Segmentation fault.
http://bugs.digium.com/view.php?id=0 0x080816da in ast_queue_frame
(chan=0x929eee8, fin=0x9374a94)
at channel.c:900
900 if ((cur = AST_LIST_LAST(&chan->readq)) && (cur->frametype
== AS
T_FRAME_CONTROL) && (cur->subclass == AST_CONTROL_HANGUP)) {
(gdb) bt full
http://bugs.digium.com/view.php?id=0 0x080816da in ast_queue_frame
(chan=0x929eee8, fin=0x9374a94)
at channel.c:900
f = (struct ast_frame *) 0xb6a22d40
cur = (struct ast_frame *) 0x63
blah = 1
qlen = 0
__PRETTY_FUNCTION__ = "ast_queue_frame"
Issue History
Date Modified Username Field Change
======================================================================
02-26-08 02:33 agupta Note Added: 0082948
======================================================================
More information about the asterisk-bugs
mailing list