[asterisk-bugs] [Asterisk 0014086]: Address out of bounds in queue_log using transfer
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue Jan 13 10:50:10 CST 2009
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=14086
======================================================================
Reported By: ZX81
Assigned To: putnopvut
======================================================================
Project: Asterisk
Issue ID: 14086
Category: Applications/app_queue
Reproducibility: random
Severity: crash
Priority: normal
Status: ready for testing
Asterisk Version: SVN
Regression: No
SVN Branch (only for SVN checkouts, not tarball releases): 1.4
SVN Revision (number only!): 131480
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 2008-12-15 20:31 CST
Last Modified: 2009-01-13 10:50 CST
======================================================================
Summary: Address out of bounds in queue_log using transfer
Description:
This system has been up without problems for around 100 days until this
week at which stage it has crashed twice:
#0  0xb7dcd463 in strlen () from /lib/tls/i686/cmov/libc.so.6
#1  0xb7da1164 in vfprintf () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7da62e2 in fprintf () from /lib/tls/i686/cmov/libc.so.6
#3  0x080aff57 in ast_queue_log (queuename=0x18 <Address 0x18 out of bounds>, callid=0xb7e8 <Address 0xb7e8 out of bounds>,
    agent=0x8cfd518 "SIP/8780", event=0xb749ffee "TRANSFER", fmt=0xb749ffe0 "%s|%s|%ld|%ld") at logger.c:359
#4  0xb7491933 in queue_transfer_fixup (data=0x8c9bf90, old_chan=0xb5fbb868, new_chan=0xb5f9fef0) at app_queue.c:2582
#5  0x0808428d in ast_do_masquerade (original=0xb5f9fef0) at channel.c:3537
#6  0x080867d9 in __ast_read (chan=0xb5f9fef0, dropaudio=0) at channel.c:1971
#7  0x08089822 in ast_channel_bridge (c0=0xb5f9fef0, c1=0xb5f9fef0, config=0xb6af8e7c, fo=0xb6af7f88, rc=0xb6af7f84) at channel.c:2366
#8  0xb7c5659d in ast_bridge_call (chan=0xb5f9fef0, peer=0x8d830c0, config=0xb6af8e7c) at res_features.c:1486
#9  0xb7b4d37d in dial_exec_full (chan=0xb5f9fef0, data=<value optimized out>, peerflags=0xb6af8f44, continue_exec=0x0) at app_dial.c:1775
#10 0xb7b4d7e2 in dial_exec (chan=0xb5f9fef0, data=0xb6afafb8) at app_dial.c:1829
#11 0x080cd947 in pbx_extension_helper (c=0xb5f9fef0, con=0x0, context=0xb5fa0070 "internal", exten=0xb5fa00c0 "10800226440",
    priority=1, label=0x0, callerid=0xb678e7d0 "8721", action=E_SPAWN) at pbx.c:537
#12 0x080cf931 in __ast_pbx_run (c=0xb5f9fef0) at pbx.c:2317
#13 0x080d098e in pbx_thread (data=0xb5f9fef0) at pbx.c:2621
#14 0x080ff5d0 in dummy_start (data=0xb64b1070) at utils.c:912
#15 0xb7f12240 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#16 0xb7e2d49e in clone () from /lib/tls/i686/cmov/libc.so.6
and
#0  0xb7ddb43b in strlen () from /lib/tls/i686/cmov/libc.so.6
#1  0xb7daf164 in vfprintf () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7db42e2 in fprintf () from /lib/tls/i686/cmov/libc.so.6
#3  0x080aff57 in ast_queue_log (queuename=0x20c62e <Address 0x20c62e out of bounds>,
    callid=0x493ece85 <Address 0x493ece85 out of bounds>, agent=0xcd87eb0 "SIP/8846", event=0xb74e9fee "TRANSFER",
    fmt=0xb74e9fe0 "%s|%s|%ld|%ld") at logger.c:359
#4  0xb74db933 in queue_transfer_fixup (data=0xd2b21b0, old_chan=0xdc9d218, new_chan=0xdc73aa8) at app_queue.c:2582
#5  0x0808428d in ast_do_masquerade (original=0xdc73aa8) at channel.c:3537
#6  0x080867d9 in __ast_read (chan=0xdc73aa8, dropaudio=0) at channel.c:1971
#7  0x08089822 in ast_channel_bridge (c0=0xdc73aa8, c1=0xdc73aa8, config=0xb4efae7c, fo=0xb4ef9fa8, rc=0xb4ef9fa4) at channel.c:2366
#8  0xb7c6459d in ast_bridge_call (chan=0xdc73aa8, peer=0xdc79a50, config=0xb4efae7c) at res_features.c:1486
#9  0xb7b9737d in dial_exec_full (chan=0xdc73aa8, data=<value optimized out>, peerflags=0xb4efaf44, continue_exec=0x0) at app_dial.c:1775
#10 0xb7b977e2 in dial_exec (chan=0xdc73aa8, data=0xb4efcfb8) at app_dial.c:1829
#11 0x080cd947 in pbx_extension_helper (c=0xdc73aa8, con=0x0, context=0xdc73c28 "internal", exten=0xdc73c78 "5765", priority=1,
    label=0x0, callerid=0xdc00e90 "8897", action=E_SPAWN) at pbx.c:537
#12 0x080cf931 in __ast_pbx_run (c=0xdc73aa8) at pbx.c:2317
#13 0x080d098e in pbx_thread (data=0xdc73aa8) at pbx.c:2621
#14 0x080ff5d0 in dummy_start (data=0x91d8e50) at utils.c:912
#15 0xb7f20240 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#16 0xb7e3b49e in clone () from /lib/tls/i686/cmov/libc.so.6
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
related to 0014060 [patch] Astrerisk crashes using the app...
======================================================================
----------------------------------------------------------------------
(0097578) ZX81 (reporter) - 2009-01-13 10:50
http://bugs.digium.com/view.php?id=14086#c97578
----------------------------------------------------------------------
bt:
#0  0x0808157c in ast_channel_datastore_free (datastore=0x82ca388) at channel.c:1341
#1  0x08081122 in ast_channel_free (chan=0x82e6378) at channel.c:1243
#2  0x08081ec6 in ast_hangup (chan=0x82e6378) at channel.c:1553
#3  0x080c30be in __ast_pbx_run (c=0x82e6378) at pbx.c:2562
#4  0x080c328a in pbx_thread (data=0x82e6378) at pbx.c:2622
#5  0x08100ac9 in dummy_start (data=0x8296660) at utils.c:850
#6  0xb7f20240 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#7  0xb7e3b49e in clone () from /lib/tls/i686/cmov/libc.so.6
bt full:
#0  0x0808157c in ast_channel_datastore_free (datastore=0x82ca388) at channel.c:1341
        res = 0
#1  0x08081122 in ast_channel_free (chan=0x82e6378) at channel.c:1243
        fd = 0
        vardata = (struct ast_var_t *) 0x0
        f = (struct ast_frame *) 0x0
        headp = (struct varshead *) 0x82e66bc
        datastore = (struct ast_datastore *) 0x82ca388
        name = "ü±¤¶", '\0' <repeats 20 times>, "ød.\b`k.\b\000\017}\000\230±¤¶ü±¤¶call,all", '\0' <repeats 27 times>
        dashptr = 0x0
        __PRETTY_FUNCTION__ = "ast_channel_free"
#2  0x08081ec6 in ast_hangup (chan=0x82e6378) at channel.c:1553
        res = 0
        __PRETTY_FUNCTION__ = "ast_hangup"
#3  0x080c30be in __ast_pbx_run (c=0x82e6378) at pbx.c:2562
        found = 1
        res = -1
        autoloopflag = 0
        error = 1
        __PRETTY_FUNCTION__ = "__ast_pbx_run"
#4  0x080c328a in pbx_thread (data=0x82e6378) at pbx.c:2622
        c = (struct ast_channel *) 0x82e6378
#5  0x08100ac9 in dummy_start (data=0x8296660) at utils.c:850
        _buffer = {__routine = 0x80698c3 <ast_unregister_thread>, __arg = 0xb6a4bbb0, __canceltype = 0, __prev = 0x0}
        ret = (void *) 0x0
        a = {start_routine = 0x80c3273 <pbx_thread>, data = 0x82e6378,
          name = 0x82c29d8 "pbx_thread", ' ' <repeats 11 times>, "started at [ 2646] pbx.c ast_pbx_start()"}
#6  0xb7f20240 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#7  0xb7e3b49e in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
Issue History
Date Modified Username Field Change
======================================================================
2009-01-13 10:50 ZX81 Note Added: 0097578
======================================================================