[asterisk-bugs] [Asterisk 0013050]: Memory segmentation fault on T.38 pass through

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Sep 2 10:16:52 CDT 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=13050 
====================================================================== 
Reported By:                schern
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   13050
Category:                   Channels/chan_sip/T.38
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     acknowledged
Asterisk Version:           1.4.21 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2008-07-10 08:17 CDT
Last Modified:              2008-09-02 10:16 CDT
====================================================================== 
Summary:                    Memory segmentation fault on T.38 pass through
Description: 
I tried to use the chan_sip with T.38 pass through. An Fax is coming via
T.38 from
the Carrier an should go to a Linksys SPA2102 (T.38 enabled).
Short after starting UDPL traffic I got a segmentation fault.
The crash is 100% reproducible.
Outbound T.38 is no problem at all.
====================================================================== 

---------------------------------------------------------------------- 
 (0091968) haggard (reporter) - 2008-09-02 10:16
 http://bugs.digium.com/view.php?id=13050#c91968 
---------------------------------------------------------------------- 
Hi,

I can also reproduce this behavior with the same carrier-hardware (Ascotel
CVX) and asterisk in all versions from 1.4.18. to 1.4.21 on both i386 and
x86_64 platforms.
The last line from udpl debug before segfault shows a receiving packet
from the CVX with immense length. 

Got UDPTL packet from 10.10.0.18:21290 (type 0, seq 0, len 21)
Got UDPTL packet from 10.10.0.18:21290 (type 0, seq 0, len 6)
Sent UDPTL packet to 192.168.1.20:7078 (type 0, seq 35, len 23)
Got UDPTL packet from 10.10.0.18:21290 (type 0, seq 0, len 6)
Got UDPTL packet from 10.10.0.18:21290 (type 0, seq 0, len 450)

That's exactly the point where * crashes each time.

GDB output while loading corefiles:

http://bugs.digium.com/view.php?id=0  0x080f94a8 in init_manager () at
manager.c:3162
3162                    fcntl(asock, F_SETFL, flags | O_NONBLOCK);

I hope to find time to send over all collected informations the next
days.

Hope that was a little helpful

Regards
  Haggard 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-09-02 10:16 haggard        Note Added: 0091968                          
======================================================================




More information about the asterisk-bugs mailing list