[asterisk-bugs] [Asterisk 0011685]: segfault with the AMI

noreply at bugs.digium.com noreply at bugs.digium.com
Sat Jan 5 06:19:15 CST 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=11685 
====================================================================== 
Reported By:                junky
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   11685
Category:                   Core/ManagerInterface
Reproducibility:            sometimes
Severity:                   major
Priority:                   normal
Status:                     new
Asterisk Version:           1.4.16.2 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 93163 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             01-05-2008 05:58 CST
Last Modified:              01-05-2008 06:19 CST
====================================================================== 
Summary:                    segfault with the AMI
Description: 
I'm getting that segfault a few times on that system:

(gdb) bt
#0  0x080cd11c in process_events (s=0x8439be8) at manager.c:2228
#1  0x080ce643 in do_message (s=0x8439be8) at manager.c:2592
#2  0x080ce98e in session_do (data=0xb5d15450) at manager.c:2652
#3  0x080ba2e9 in make_file_from_fd (data=0xb5d15450) at http.c:724
#4  0x0812709f in dummy_start (data=0xb5d1a508) at utils.c:857
#5  0xb7e18504 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#6  0xb7d3351e in clone () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt full
#0  0x080cd11c in process_events (s=0x8439be8) at manager.c:2228
        eqe = (struct eventqent *) 0xb5013af0
        ret = 0
#1  0x080ce643 in do_message (s=0x8439be8) at manager.c:2592
        m = {hdrcount = 0, headers = {0x0 <repeats 128 times>}}
        header_buf = '\0' <repeats 1024 times>
        res = 0
#2  0x080ce98e in session_do (data=0xb5d15450) at manager.c:2652
        ser = (struct server_instance *) 0xb5d15450
        s = (struct mansession *) 0x8439be8
        flags = 2050
        res = 0
        __PRETTY_FUNCTION__ = "session_do"
#3  0x080ba2e9 in make_file_from_fd (data=0xb5d15450) at http.c:724
        ser = (struct server_instance *) 0xb5d15450
        __PRETTY_FUNCTION__ = "make_file_from_fd"
        cookie_funcs = {read = 0x80ba10b <ssl_read>, write = 0x80ba135 <ssl_write>, seek = 0, close = 0x80ba156 <ssl_close>}
#4  0x0812709f in dummy_start (data=0xb5d1a508) at utils.c:857
        __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {-1209913356, 0, 0, -1242676104, 1256473616, -149393297}, __mask_was_saved = 0}}, __pad = {0xb5ee44b0, 0x0, 0x0, 0x0}}
        __cancel_routine = (void (*)(void *)) 0x806dfa7 <ast_unregister_thread>
        __cancel_arg = (void *) 0xb5ee4ba0
        not_first_call = 0
        ret = (void *) 0xb7d7185e
        a = {start_routine = 0x80ba18c <make_file_from_fd>, data = 0xb5d15450, name = 0xb5d7d9e8 "make_file_from_fd    started at [  911] http.c server_root()"}
#5  0xb7e18504 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#6  0xb7d3351e in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
(gdb)

====================================================================== 

---------------------------------------------------------------------- 
 junky - 01-05-08 06:19  
---------------------------------------------------------------------- 
Also:
(gdb) p s
$1 = (struct mansession *) 0x8439be8
(gdb) p s->last_ev
$2 = (struct eventqent *) 0x0
(gdb) p *s
$3 = {ms_t = 0, __lock = {__data = {__lock = 1, __count = 1, __owner =
27117, __kind = 1, __nusers = 1, {__spins = 0, __list = {__next = 0x0}}}, 
    __size =
"\001\000\000\000\001\000\000\000?i\000\000\001\000\000\000\001\000\000\000\000\000\000",
__align = 1}, sin = {sin_family = 2, 
    sin_port = 21469, sin_addr = {s_addr = 16777343}, sin_zero =
"\000\000\000\000\000\000\000"}, f = 0x8390b08, fd = 150, inuse = 0,
needdestroy = 0, 
  waiting_thread = 4294967295, managerid = 0, sessionstart = 1199522157,
sessiontimeout = 0, username = "ma", '\0' <repeats 77 times>, 
  challenge = "\000\000\000\000\000\000\000\000\000", authenticated = 1,
readperm = 127, writeperm = 127, 
  inbuf = "\r\nmmand: meetme list 2\r\n\r\nmeetme list 2\r\n\r\n\000\n
meetme list 2\r\n\r\ntme list 2\r\n\r\netme list 2\r\n\r\n", '\0' <repeats
932 times>, inlen = 0, send_events = -1, last_ev = 0x0, writetimeout = 100,
list = {next = 0x84a29e0}}
(gdb)

So I wonder if we could simply add an if (s->last_ev != NULL) before calling NEW_EVENT?

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
01-05-08 06:19  junky          Note Added: 0076343                          
======================================================================



