[asterisk-bugs] [Asterisk 0011913]: segfault in codec_zap line 150

noreply at bugs.digium.com noreply at bugs.digium.com
Wed Mar 19 15:24:19 CDT 2008


The following issue has been RESOLVED. 
====================================================================== 
http://bugs.digium.com/view.php?id=11913 
====================================================================== 
Reported By:                snuffy
Assigned To:                russell
====================================================================== 
Project:                    Asterisk
Issue ID:                   11913
Category:                   Codecs/codec_zap
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     resolved
Asterisk Version:           1.4.14 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
Resolution:                 suspended
Fixed in Version:           
====================================================================== 
Date Submitted:             02-03-2008 23:53 CST
Last Modified:              03-19-2008 15:24 CDT
====================================================================== 
Summary:                    segfault in codec_zap line 150
Description: 
This could also involve the tc400b card, since it is doing the transcoding
for g729.

Program terminated with signal 11, Segmentation fault.
#0  0x08273174 in zap_framein (pvt=0xb616a090,
f=0x9e9cdd8) at
codec_zap.c:160
160             memcpy(hdr->srcdata + hdr->srcoffset + hdr->srclen,
f->data, f->datalen);


(gdb) bt
#0  0x08273174 in zap_framein (pvt=0xb616a090,
f=0x9e9cdd8) at
codec_zap.c:160
#1  0x080f9bb9 in framein (pvt=0xb616a090,
f=0x9e9cdd8) at
translate.c:189
#2  0x080fa221 in ast_translate
(path=0xb616a090, f=0x9e9cdd8, consume=0)
at translate.c:334
#3  0x080888ed in ast_write (chan=0xb6579e40,
fr=0x9e9cdd8) at
channel.c:2887
#4  0x0808c4b4 in ast_generic_bridge
(c0=0xb6579e40, c1=0x9e08778,
config=0xb6477a80, fo=0xb6477734, rc=0xb6477730, bridge_end={tv_sec = 0,
tv_usec = 0})
    at channel.c:4105
#5  0x0808d557 in ast_channel_bridge
(c0=0xb6579e40, c1=0x9e08778,
config=0xb6477a80, fo=0xb6477734, rc=0xb6477730) at channel.c:4356
#6  0x082df10c in ast_bridge_call
(chan=0xb6579e40, peer=0x9e08778,
config=0xb6477a80) at res_features.c:1404
#7  0x0813acf5 in dial_exec_full
(chan=0xb6579e40, data=0xb647a808,
peerflags=0xb6478674, continue_exec=0x0) at app_dial.c:1656
#8  0x0813af75 in dial_exec (chan=0xb6579e40,
data=0xb647a808) at
app_dial.c:1710
#9  0x080bf348 in pbx_exec (c=0xb6579e40,
app=0x9c97930, data=0xb647a808)
at pbx.c:532
#10 0x080c283f in pbx_extension_helper
(c=0xb6579e40, con=0x0,
context=0xb6579fc0 "macro-outgoing", exten=0xb657a010 "s", priority=36,
label=0x0,
    callerid=0x9deef68 "61386143814", action=E_SPAWN) at pbx.c:1838
#11 0x080c390e in ast_spawn_extension
(c=0xb6579e40, context=0xb6579fc0
"macro-outgoing", exten=0xb657a010 "s", priority=36, callerid=0x9deef68
"61386143814")
    at pbx.c:2293
#12 0x0814a454 in _macro_exec
(chan=0xb6579e40, data=0xb647f958,
exclusive=0) at app_macro.c:308
#13 0x0814b0d5 in macro_exec (chan=0xb6579e40,
data=0xb647f958) at
app_macro.c:486
#14 0x080bf348 in pbx_exec (c=0xb6579e40,
app=0x9c9d578, data=0xb647f958)
at pbx.c:532
#15 0x080c283f in pbx_extension_helper
(c=0xb6579e40, con=0x0,
context=0xb6579fc0 "macro-outgoing", exten=0xb657a010 "s", priority=50,
label=0x0,
    callerid=0xb68ad650 "", action=E_SPAWN) at pbx.c:1838
#16 0x080c390e in ast_spawn_extension
(c=0xb6579e40, context=0xb6579fc0
"macro-outgoing", exten=0xb657a010 "s", priority=50, callerid=0xb68ad650
"") at pbx.c:2293
#17 0x0814a454 in _macro_exec
(chan=0xb6579e40, data=0xb64829fc,
exclusive=0) at app_macro.c:308
#18 0x0814b0d5 in macro_exec (chan=0xb6579e40,
data=0xb64829fc) at
app_macro.c:486
#19 0x080bf348 in pbx_exec (c=0xb6579e40,
app=0x9c9d578, data=0xb64829fc)
at pbx.c:532
#20 0x082cc6cc in realtime_exec
(chan=0xb6579e40, context=0xb6579fc0
"macro-outgoing", exten=0xb657a010 "s", priority=2, callerid=0xb68ad650 "",
data=0x9c5ec01 "")
    at pbx_realtime.c:216
#21 0x080c2922 in pbx_extension_helper
(c=0xb6579e40, con=0x0,
context=0xb6579fc0 "macro-outgoing", exten=0xb657a010 "s", priority=2,
label=0x0,
    callerid=0xb68ad650 "", action=E_SPAWN) at pbx.c:1849
#22 0x080c390e in ast_spawn_extension
(c=0xb6579e40, context=0xb6579fc0
"macro-outgoing", exten=0xb657a010 "s", priority=2, callerid=0xb68ad650 "")
at pbx.c:2293
#23 0x080c3dde in __ast_pbx_run (c=0xb6579e40)
at pbx.c:2393
#24 0x080c4b7a in pbx_thread (data=0xb6579e40)
at pbx.c:2608
#25 0x08100898 in dummy_start
(data=0xb68770f8) at utils.c:843
#26 0x00d292db in start_thread () from
/lib/libpthread.so.0
#27 0x00cac12e in clone () from /lib/libc.so.6


(gdb) frame
#0  0x08273174 in zap_framein (pvt=0xb616a090,
f=0x9e9cdd8) at
codec_zap.c:160
160             memcpy(hdr->srcdata + hdr->srcoffset + hdr->srclen,
f->data, f->datalen);
(gdb) print hdr->srcdata
Cannot access memory at address 0xb67c0100

(gdb) info fram
Stack level 0, frame at 0xb64770a0:
 eip = 0x8273174 in zap_framein (codec_zap.c:160); saved eip 0x80f9bb9
 called by frame at 0xb64770f0
 source language c.
 Arglist at 0xb6477098, args: pvt=0xb616a090, f=0x9e9cdd8
 Locals at 0xb6477098, Previous frame's sp is 0xb64770a0
 Saved registers:
  ebx at 0xb647708c, ebp at 0xb6477098, esi at 0xb6477090, edi at
0xb6477094, eip at 0xb647709c
(gdb) print f->data
$1 = (void *) 0xb67460c0
(gdb) print f->datalen
$2 = 40
(gdb) print hdr->srclen
Cannot access memory at address 0xb67c0008
(gdb) print hdr
$3 = (struct zt_transcode_header *) 0xb67c0000
(gdb)

====================================================================== 

---------------------------------------------------------------------- 
 russell - 03-19-08 15:24  
---------------------------------------------------------------------- 
Since this is a problem with a Digium product, it should be handled through
Digium technical support.  They will ensure that the problem is reported
internally and that the correct people are notified.  Thanks for
understanding. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
03-19-08 15:24  russell        Resolution               open => suspended   
03-19-08 15:24  russell        Assigned To               => russell         
03-19-08 15:24  russell        Note Added: 0084290                          
======================================================================



