[asterisk-bugs] [Asterisk 0013050]: Memory segmentation fault on T.38 pass through
Asterisk Bug Tracker
noreply at bugs.digium.com
Wed Feb 11 11:51:31 CST 2009
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=13050
======================================================================
Reported By: schern
Assigned To: Corydon76
======================================================================
Project: Asterisk
Issue ID: 13050
Category: Channels/chan_sip/T.38
Reproducibility: always
Severity: block
Priority: normal
Status: feedback
Target Version: 1.4.24
Asterisk Version: 1.4.21
Regression: No
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2008-07-10 08:17 CDT
Last Modified: 2009-02-11 11:51 CST
======================================================================
Summary: Memory segmentation fault on T.38 pass through
Description:
I tried to use chan_sip with T.38 pass through. A fax is coming via T.38
from the carrier and should go to a Linksys SPA2102 (T.38 enabled).
Shortly after starting UDPTL traffic I got a segmentation fault.
The crash is 100% reproducible.
Outbound T.38 is no problem at all.
======================================================================
----------------------------------------------------------------------
(0099909) schern (reporter) - 2009-02-11 11:51
http://bugs.digium.com/view.php?id=13050#c99909
----------------------------------------------------------------------
After applying the patch 20090211__bug13050.diff.txt from Corydon76,
Asterisk is also not crashing anymore, but inbound fax calls are still
incomplete:
--- snip ---
UDPTL Debugging Enabled
*CLI> [New Thread 1075951968 (LWP 25777)]
[...]
-- Called 00043551198
-- SIP/00043551198-0076dc60 is ringing
-- SIP/00043551198-0076dc60 answered SIP/in-px1-00758270
Got UDPTL packet from 212.87.38.44:63874 (type 0, seq 0, len 8)
Sent UDPTL packet to 62.180.55.10:21258 (type 0, seq 1, len 8)
[...]
Got UDPTL packet from 62.180.55.10:21258 (type 0, seq 0, len 6)
Sent UDPTL packet to 212.87.38.44:63874 (type 0, seq 34, len 16)
Got UDPTL packet from 62.180.55.10:21258 (type 0, seq 0, len 6)
Got UDPTL packet from 62.180.55.10:21258 (type 0, seq 0, len 251)
Sent UDPTL packet to 212.87.38.44:63874 (type 0, seq 35, len 259)
Got UDPTL packet from 62.180.55.10:21258 (type 0, seq 0, len 251)
Sent UDPTL packet to 212.87.38.44:63874 (type 0, seq 36, len 502)
Got UDPTL packet from 62.180.55.10:21258 (type 0, seq 0, len 251)
Sent UDPTL packet to 212.87.38.44:63874 (type 0, seq 37, len 747)
Got UDPTL packet from 62.180.55.10:21258 (type 0, seq 0, len 251)
[Feb 11 18:44:07] ERROR[25777]: udptl.c:257 encode_open_type: Buffer overflow detected (245 + 747 > 800)
Got UDPTL packet from 62.180.55.10:21258 (type 0, seq 0, len 251)
[Feb 11 18:44:07] ERROR[25777]: udptl.c:257 encode_open_type: Buffer overflow detected (245 + 747 > 800)
Got UDPTL packet from 62.180.55.10:21258 (type 0, seq 0, len 251)
[Feb 11 18:44:07] ERROR[25777]: udptl.c:257 encode_open_type: Buffer overflow detected (245 + 747 > 800)
Got UDPTL packet from 62.180.55.10:21258 (type 0, seq 0, len 251)
[Feb 11 18:44:08] ERROR[25777]: udptl.c:257 encode_open_type: Buffer overflow detected (245 + 747 > 800)
Got UDPTL packet from 62.180.55.10:21258 (type 0, seq 0, len 153)
[Feb 11 18:44:08] ERROR[25777]: udptl.c:257 encode_open_type: Buffer overflow detected (245 + 649 > 800)
Got UDPTL packet from 62.180.55.10:21258 (type 0, seq 0, len 6)
Sent UDPTL packet to 212.87.38.44:63874 (type 0, seq 38, len 747)
[...]
Got UDPTL packet from 62.180.55.10:21258 (type 0, seq 0, len 191)
Sent UDPTL packet to 212.87.38.44:63874 (type 0, seq 129, len 752)
Got UDPTL packet from 62.180.55.10:21258 (type 0, seq 0, len 191)
Sent UDPTL packet to 212.87.38.44:63874 (type 0, seq 130, len 752)
Got UDPTL packet from 62.180.55.10:21258 (type 0, seq 0, len 191)
Sent UDPTL packet to 212.87.38.44:63874 (type 0, seq 131, len 752)
== Spawn extension (incoming, 030346499198, 3) exited non-zero on 'SIP/in-px1-00758270'
[Thread 1075951968 (zombie) exited]
--- snap ---
I don't understand why there are buffer overflows because
T38FaxMaxDatagram is set to 1000 in udptl.conf.
Issue History
Date Modified Username Field Change
======================================================================
2009-02-11 11:51 schern Note Added: 0099909
======================================================================