[asterisk-bugs] [Asterisk 0014746]: segfault following httpd_helper_thread -> generic_http_callback -> ast_str_append
Asterisk Bug Tracker
noreply at bugs.digium.com
Thu Aug 20 14:23:49 CDT 2009
The following issue has been UPDATED.
======================================================================
https://issues.asterisk.org/view.php?id=14746
======================================================================
Reported By: stuarth
Assigned To: dvossel
======================================================================
Project: Asterisk
Issue ID: 14746
Category: Core/ManagerInterface
Reproducibility: have not tried
Severity: minor
Priority: normal
Status: closed
Target Version: 1.6.1.x Pending Blocker
Asterisk Version: SVN
Regression: No
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.1
SVN Revision (number only!): 180187
Request Review:
Resolution: fixed
Fixed in Version:
======================================================================
Date Submitted: 2009-03-25 07:05 CDT
Last Modified: 2009-08-20 14:23 CDT
======================================================================
Summary: segfault following httpd_helper_thread ->
generic_http_callback -> ast_str_append
Description:
A segfault was seen with this backtrace;
https://issues.asterisk.org/view.php?id=0 0x0041db93 in strlen () from
/lib/tls/libc.so.6
https://issues.asterisk.org/view.php?id=1 0x003f1741 in vfprintf () from
/lib/tls/libc.so.6
https://issues.asterisk.org/view.php?id=2 0x0040ef96 in vsnprintf () from
/lib/tls/libc.so.6
https://issues.asterisk.org/view.php?id=3 0x0813d1e2 in __ast_str_helper
(buf=0xb6d55ba4, max_len=0, append=1,
fmt=0x817d4eb "%s", ap=0xb6d55b1c "") at utils.c:1746
https://issues.asterisk.org/view.php?id=4 0x0813d3df in ast_str_append
(buf=0xb7d80000, max_len=3084386304,
fmt=0xb7d80000 <Address 0xb7d80000 out of bounds>)
at
/usr/src/asterisk-1.6.1-svn/asterisk-1.6.1/include/asterisk/strings.h:642
https://issues.asterisk.org/view.php?id=5 0x080e37ac in generic_http_callback
(format=FORMAT_RAW,
remote_address=0xb6cb46f0, uri=0xb6d57214 "", method=AST_HTTP_GET,
params=0x86e70a0, status=0xb6d55eb8, title=0xb6d55eb4,
contentlength=0xb6d55eb0) at manager.c:3883
https://issues.asterisk.org/view.php?id=6 0x080cdc00 in httpd_helper_thread
(data=0xb6cb46e0) at http.c:559
https://issues.asterisk.org/view.php?id=7 0x0813054e in handle_tls_connection
(data=0xb6cb46e0) at tcptls.c:219
https://issues.asterisk.org/view.php?id=8 0x0813b8b5 in dummy_start (data=0x0)
at utils.c:968
https://issues.asterisk.org/view.php?id=9 0x005273cc in start_thread () from
/lib/tls/libpthread.so.0
https://issues.asterisk.org/view.php?id=10 0x0047f96e in clone () from
/lib/tls/libc.so.6
(gdb) frame 5
https://issues.asterisk.org/view.php?id=5 0x080e37ac in generic_http_callback
(format=FORMAT_RAW,
remote_address=0xb6cb46f0, uri=0xb6d57214 "", method=AST_HTTP_GET,
params=0x86e70a0, status=0xb6d55eb8, title=0xb6d55eb4,
contentlength=0xb6d55eb0) at manager.c:3883
3883 ast_str_append(&out, 0,
"%s", buf);
(gdb) print *params
$1 = {name = 0x86e70c8 "action", value = 0x86e70cf "status", next =
0x1da95818,
file = 0x86e70d6 "", lineno = 0, object = 0, blanklines = 0,
precomments = 0x0, sameline = 0x0, trailing = 0x0, stuff = 0x86e70c8
"action"}
(gdb) print *status
$2 = 200
(gdb) print *title
$3 = 0x0
(gdb) print *contentlength
$4 = 0
(gdb) print buf
$5 = 0xb7d7e000 "Response: Success\r\nMessage: Channel status will
follow\r\n\r\nEvent: Status\r\nPrivilege: Call\r\nChannel:
SIP/164-18997d38\r\nCallerIDNum: 1237981299.50891\r\nCallerIDName:
anonymous\r\nAccount: \r\nState: Ringing\r\n"...
is there anything else that might be relevant to tracking this down?
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
2009-08-20 14:23 dvossel Resolution open => fixed
======================================================================
More information about the asterisk-bugs
mailing list