[asterisk-bugs] [Asterisk 0016430]: Asterisk crashes on dtmf detection on channel with 2 bluetooth cellphone

Asterisk Bug Tracker noreply at bugs.digium.com
Fri Dec 18 15:18:31 CST 2009


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=16430 
====================================================================== 
Reported By:                azbest
Assigned To:                mnicholson
====================================================================== 
Project:                    Asterisk
Issue ID:                   16430
Category:                   Addons/chan_mobile
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     assigned
Asterisk Version:           SVN 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.2 
SVN Revision (number only!): 1074 
Request Review:              
====================================================================== 
Date Submitted:             2009-12-11 08:04 CST
Last Modified:              2009-12-18 15:18 CST
====================================================================== 
Summary:                    Asterisk crashes on dtmf detection on channel with 2
bluetooth cellphone
Description: 
When 2 cellular phones connected to a channel dtmf signals will make
asterisk to crash: double free.

sip->gsm and gsm->sip connection works fine, but gsm->gsm connection is
problematic.

Removing these lines from chan_mobile.c will prevent crashing, but dtmf
detection is tured off:
4014 	ast_dsp_set_features(pvt->dsp, DSP_FEATURE_DIGIT_DETECT);
4015 	ast_dsp_set_digitmode(pvt->dsp, DSP_DIGITMODE_DTMF |
DSP_DIGITMODE_RELAXDTMF); 

_My guess_ is that asterisk dsp detects the same dtmf signal on input and
output side too and uses the same memory area to store informations about
that. Finally it tries to free this memory area twice. 
====================================================================== 

---------------------------------------------------------------------- 
 (0115435) azbest (reporter) - 2009-12-18 15:18
 https://issues.asterisk.org/view.php?id=16430#c115435 
---------------------------------------------------------------------- 
uploaded valgrind log
...
==5775== Invalid free() / delete / delete[]
==5775==    at 0x4024836: free (vg_replace_malloc.c:325)
==5775==    by 0x80DDA38: ast_frame_free (frame.c:368)
==5775==    by 0x814E2E3: ast_slinfactory_read (slinfactory.c:182)
==5775==    by 0x80817BD: audiohook_read_frame_both (audiohook.c:252)
==5775==    by 0x8081B96: ast_audiohook_read_frame (audiohook.c:299)
... 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-12-18 15:18 azbest         Note Added: 0115435                          
======================================================================




More information about the asterisk-bugs mailing list