[asterisk-bugs] [Asterisk 0014746]: segfault following httpd_helper_thread -> generic_http_callback -> ast_str_append

Asterisk Bug Tracker noreply at bugs.digium.com
Thu Aug 20 14:23:49 CDT 2009


The following issue has been UPDATED. 
====================================================================== 
https://issues.asterisk.org/view.php?id=14746 
====================================================================== 
Reported By:                stuarth
Assigned To:                dvossel
====================================================================== 
Project:                    Asterisk
Issue ID:                   14746
Category:                   Core/ManagerInterface
Reproducibility:            have not tried
Severity:                   minor
Priority:                   normal
Status:                     closed
Target Version:             1.6.1.x Pending Blocker
Asterisk Version:           SVN 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.1 
SVN Revision (number only!): 180187 
Request Review:              
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             2009-03-25 07:05 CDT
Last Modified:              2009-08-20 14:23 CDT
====================================================================== 
Summary:                    segfault following httpd_helper_thread ->
generic_http_callback -> ast_str_append
Description: 
A segfault was seen with this backtrace;

https://issues.asterisk.org/view.php?id=0  0x0041db93 in strlen () from
/lib/tls/libc.so.6
https://issues.asterisk.org/view.php?id=1  0x003f1741 in vfprintf () from
/lib/tls/libc.so.6
https://issues.asterisk.org/view.php?id=2  0x0040ef96 in vsnprintf () from
/lib/tls/libc.so.6
https://issues.asterisk.org/view.php?id=3  0x0813d1e2 in __ast_str_helper
(buf=0xb6d55ba4, max_len=0, append=1, 
    fmt=0x817d4eb "%s", ap=0xb6d55b1c "") at utils.c:1746
https://issues.asterisk.org/view.php?id=4  0x0813d3df in ast_str_append
(buf=0xb7d80000, max_len=3084386304, 
    fmt=0xb7d80000 <Address 0xb7d80000 out of bounds>)
    at
/usr/src/asterisk-1.6.1-svn/asterisk-1.6.1/include/asterisk/strings.h:642
https://issues.asterisk.org/view.php?id=5  0x080e37ac in generic_http_callback
(format=FORMAT_RAW, 
    remote_address=0xb6cb46f0, uri=0xb6d57214 "", method=AST_HTTP_GET, 
    params=0x86e70a0, status=0xb6d55eb8, title=0xb6d55eb4, 
    contentlength=0xb6d55eb0) at manager.c:3883
https://issues.asterisk.org/view.php?id=6  0x080cdc00 in httpd_helper_thread
(data=0xb6cb46e0) at http.c:559
https://issues.asterisk.org/view.php?id=7  0x0813054e in handle_tls_connection
(data=0xb6cb46e0) at tcptls.c:219
https://issues.asterisk.org/view.php?id=8  0x0813b8b5 in dummy_start (data=0x0)
at utils.c:968
https://issues.asterisk.org/view.php?id=9  0x005273cc in start_thread () from
/lib/tls/libpthread.so.0
https://issues.asterisk.org/view.php?id=10 0x0047f96e in clone () from
/lib/tls/libc.so.6
(gdb) frame 5
https://issues.asterisk.org/view.php?id=5  0x080e37ac in generic_http_callback
(format=FORMAT_RAW, 
    remote_address=0xb6cb46f0, uri=0xb6d57214 "", method=AST_HTTP_GET, 
    params=0x86e70a0, status=0xb6d55eb8, title=0xb6d55eb4, 
    contentlength=0xb6d55eb0) at manager.c:3883
3883                                            ast_str_append(&out, 0,
"%s", buf);
(gdb) print *params
$1 = {name = 0x86e70c8 "action", value = 0x86e70cf "status", next =
0x1da95818, 
  file = 0x86e70d6 "", lineno = 0, object = 0, blanklines = 0, 
  precomments = 0x0, sameline = 0x0, trailing = 0x0, stuff = 0x86e70c8
"action"}
(gdb) print *status
$2 = 200
(gdb) print *title
$3 = 0x0
(gdb) print *contentlength
$4 = 0
(gdb) print buf
$5 = 0xb7d7e000 "Response: Success\r\nMessage: Channel status will
follow\r\n\r\nEvent: Status\r\nPrivilege: Call\r\nChannel:
SIP/164-18997d38\r\nCallerIDNum: 1237981299.50891\r\nCallerIDName:
anonymous\r\nAccount: \r\nState: Ringing\r\n"...

is there anything else that might be relevant to tracking this down?
====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-08-20 14:23 dvossel        Resolution               open => fixed       
======================================================================




More information about the asterisk-bugs mailing list