[asterisk-bugs] [Asterisk 0011913]: segfault in codec_zap line 150

noreply at bugs.digium.com noreply at bugs.digium.com
Wed Mar 19 15:00:03 CDT 2008 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=11913 
====================================================================== 
Reported By:                snuffy
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   11913
Category:                   Codecs/codec_zap
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     new
Asterisk Version:           1.4.14 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             02-03-2008 23:53 CST
Last Modified:              03-19-2008 15:00 CDT
====================================================================== 
Summary:                    segfault in codec_zap line 150
Description: 
This could also involve the tc400b card, since it is doing the transcoding
for g729.

Program terminated with signal 11, Segmentation fault.
http://bugs.digium.com/view.php?id=0  0x08273174 in zap_framein (pvt=0xb616a090,
f=0x9e9cdd8) at
codec_zap.c:160
160             memcpy(hdr->srcdata + hdr->srcoffset + hdr->srclen,
f->data, f->datalen);


(gdb) bt
http://bugs.digium.com/view.php?id=0  0x08273174 in zap_framein (pvt=0xb616a090,
f=0x9e9cdd8) at
codec_zap.c:160
http://bugs.digium.com/view.php?id=1  0x080f9bb9 in framein (pvt=0xb616a090,
f=0x9e9cdd8) at
translate.c:189
http://bugs.digium.com/view.php?id=2  0x080fa221 in ast_translate
(path=0xb616a090, f=0x9e9cdd8, consume=0)
at translate.c:334
http://bugs.digium.com/view.php?id=3  0x080888ed in ast_write (chan=0xb6579e40,
fr=0x9e9cdd8) at
channel.c:2887
http://bugs.digium.com/view.php?id=4  0x0808c4b4 in ast_generic_bridge
(c0=0xb6579e40, c1=0x9e08778,
config=0xb6477a80, fo=0xb6477734, rc=0xb6477730, bridge_end={tv_sec = 0,
tv_usec = 0})
    at channel.c:4105
http://bugs.digium.com/view.php?id=5  0x0808d557 in ast_channel_bridge
(c0=0xb6579e40, c1=0x9e08778,
config=0xb6477a80, fo=0xb6477734, rc=0xb6477730) at channel.c:4356
http://bugs.digium.com/view.php?id=6  0x082df10c in ast_bridge_call
(chan=0xb6579e40, peer=0x9e08778,
config=0xb6477a80) at res_features.c:1404
http://bugs.digium.com/view.php?id=7  0x0813acf5 in dial_exec_full
(chan=0xb6579e40, data=0xb647a808,
peerflags=0xb6478674, continue_exec=0x0) at app_dial.c:1656
http://bugs.digium.com/view.php?id=8  0x0813af75 in dial_exec (chan=0xb6579e40,
data=0xb647a808) at
app_dial.c:1710
http://bugs.digium.com/view.php?id=9  0x080bf348 in pbx_exec (c=0xb6579e40,
app=0x9c97930, data=0xb647a808)
at pbx.c:532
http://bugs.digium.com/view.php?id=10 0x080c283f in pbx_extension_helper
(c=0xb6579e40, con=0x0,
context=0xb6579fc0 "macro-outgoing", exten=0xb657a010 "s", priority=36,
label=0x0, 
    callerid=0x9deef68 "61386143814", action=E_SPAWN) at pbx.c:1838
http://bugs.digium.com/view.php?id=11 0x080c390e in ast_spawn_extension
(c=0xb6579e40, context=0xb6579fc0
"macro-outgoing", exten=0xb657a010 "s", priority=36, callerid=0x9deef68
"61386143814")
    at pbx.c:2293
http://bugs.digium.com/view.php?id=12 0x0814a454 in _macro_exec
(chan=0xb6579e40, data=0xb647f958,
exclusive=0) at app_macro.c:308
http://bugs.digium.com/view.php?id=13 0x0814b0d5 in macro_exec (chan=0xb6579e40,
data=0xb647f958) at
app_macro.c:486
http://bugs.digium.com/view.php?id=14 0x080bf348 in pbx_exec (c=0xb6579e40,
app=0x9c9d578, data=0xb647f958)
at pbx.c:532
http://bugs.digium.com/view.php?id=15 0x080c283f in pbx_extension_helper
(c=0xb6579e40, con=0x0,
context=0xb6579fc0 "macro-outgoing", exten=0xb657a010 "s", priority=50,
label=0x0, 
    callerid=0xb68ad650 "", action=E_SPAWN) at pbx.c:1838
http://bugs.digium.com/view.php?id=16 0x080c390e in ast_spawn_extension
(c=0xb6579e40, context=0xb6579fc0
"macro-outgoing", exten=0xb657a010 "s", priority=50, callerid=0xb68ad650
"") at pbx.c:2293
http://bugs.digium.com/view.php?id=17 0x0814a454 in _macro_exec
(chan=0xb6579e40, data=0xb64829fc,
exclusive=0) at app_macro.c:308
http://bugs.digium.com/view.php?id=18 0x0814b0d5 in macro_exec (chan=0xb6579e40,
data=0xb64829fc) at
app_macro.c:486
http://bugs.digium.com/view.php?id=19 0x080bf348 in pbx_exec (c=0xb6579e40,
app=0x9c9d578, data=0xb64829fc)
at pbx.c:532
http://bugs.digium.com/view.php?id=20 0x082cc6cc in realtime_exec
(chan=0xb6579e40, context=0xb6579fc0
"macro-outgoing", exten=0xb657a010 "s", priority=2, callerid=0xb68ad650 "",
data=0x9c5ec01 "")
    at pbx_realtime.c:216
http://bugs.digium.com/view.php?id=21 0x080c2922 in pbx_extension_helper
(c=0xb6579e40, con=0x0,
context=0xb6579fc0 "macro-outgoing", exten=0xb657a010 "s", priority=2,
label=0x0, 
    callerid=0xb68ad650 "", action=E_SPAWN) at pbx.c:1849
http://bugs.digium.com/view.php?id=22 0x080c390e in ast_spawn_extension
(c=0xb6579e40, context=0xb6579fc0
"macro-outgoing", exten=0xb657a010 "s", priority=2, callerid=0xb68ad650 "")
at pbx.c:2293
http://bugs.digium.com/view.php?id=23 0x080c3dde in __ast_pbx_run (c=0xb6579e40)
at pbx.c:2393
http://bugs.digium.com/view.php?id=24 0x080c4b7a in pbx_thread (data=0xb6579e40)
at pbx.c:2608
http://bugs.digium.com/view.php?id=25 0x08100898 in dummy_start
(data=0xb68770f8) at utils.c:843
http://bugs.digium.com/view.php?id=26 0x00d292db in start_thread () from
/lib/libpthread.so.0
http://bugs.digium.com/view.php?id=27 0x00cac12e in clone () from /lib/libc.so.6


(gdb) frame
http://bugs.digium.com/view.php?id=0  0x08273174 in zap_framein (pvt=0xb616a090,
f=0x9e9cdd8) at
codec_zap.c:160
160             memcpy(hdr->srcdata + hdr->srcoffset + hdr->srclen,
f->data, f->datalen);
(gdb) print hdr->srcdata
Cannot access memory at address 0xb67c0100

(gdb) info fram
Stack level 0, frame at 0xb64770a0:
 eip = 0x8273174 in zap_framein (codec_zap.c:160); saved eip 0x80f9bb9
 called by frame at 0xb64770f0
 source language c.
 Arglist at 0xb6477098, args: pvt=0xb616a090, f=0x9e9cdd8
 Locals at 0xb6477098, Previous frame's sp is 0xb64770a0
 Saved registers:
  ebx at 0xb647708c, ebp at 0xb6477098, esi at 0xb6477090, edi at
0xb6477094, eip at 0xb647709c
(gdb) print f->data
$1 = (void *) 0xb67460c0
(gdb) print f->datalen
$2 = 40
(gdb) print hdr->srclen
Cannot access memory at address 0xb67c0008
(gdb) print hdr
$3 = (struct zt_transcode_header *) 0xb67c0000
(gdb)

====================================================================== 

---------------------------------------------------------------------- 
 qwell - 03-19-08 15:00  
---------------------------------------------------------------------- 
Any change here? 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
03-19-08 15:00  qwell          Note Added: 0084287                          
======================================================================

More information about the asterisk-bugs mailing list