[asterisk-bugs] [Asterisk 0014086]: Address out of bounds in queue_log using transfer
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue Jan 13 11:04:53 CST 2009
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=14086
======================================================================
Reported By: ZX81
Assigned To: putnopvut
======================================================================
Project: Asterisk
Issue ID: 14086
Category: Applications/app_queue
Reproducibility: random
Severity: crash
Priority: normal
Status: ready for testing
Asterisk Version: SVN
Regression: No
SVN Branch (only for SVN checkouts, not tarball releases): 1.4
SVN Revision (number only!): 131480
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 2008-12-15 20:31 CST
Last Modified: 2009-01-13 11:04 CST
======================================================================
Summary: Address out of bounds in queue_log using transfer
Description:
This system has been up without problems for around 100 days until this
week at which stage it has crashed twice:
http://bugs.digium.com/view.php?id=0 0xb7dcd463 in strlen () from
/lib/tls/i686/cmov/libc.so.6
http://bugs.digium.com/view.php?id=1 0xb7da1164 in vfprintf () from
/lib/tls/i686/cmov/libc.so.6
http://bugs.digium.com/view.php?id=2 0xb7da62e2 in fprintf () from
/lib/tls/i686/cmov/libc.so.6
http://bugs.digium.com/view.php?id=3 0x080aff57 in ast_queue_log
(queuename=0x18 <Address 0x18 out of
bounds>, callid=0xb7e8 <Address 0xb7e8 out of bounds>,
agent=0x8cfd518 "SIP/8780", event=0xb749ffee "TRANSFER",
fmt=0xb749ffe0 "%s|%s|%ld|%ld") at logger.c:359
http://bugs.digium.com/view.php?id=4 0xb7491933 in queue_transfer_fixup
(data=0x8c9bf90,
old_chan=0xb5fbb868, new_chan=0xb5f9fef0) at app_queue.c:2582
http://bugs.digium.com/view.php?id=5 0x0808428d in ast_do_masquerade
(original=0xb5f9fef0) at
channel.c:3537
http://bugs.digium.com/view.php?id=6 0x080867d9 in __ast_read (chan=0xb5f9fef0,
dropaudio=0) at
channel.c:1971
http://bugs.digium.com/view.php?id=7 0x08089822 in ast_channel_bridge
(c0=0xb5f9fef0, c1=0xb5f9fef0,
config=0xb6af8e7c, fo=0xb6af7f88, rc=0xb6af7f84)
at channel.c:2366
http://bugs.digium.com/view.php?id=8 0xb7c5659d in ast_bridge_call
(chan=0xb5f9fef0, peer=0x8d830c0,
config=0xb6af8e7c) at res_features.c:1486
http://bugs.digium.com/view.php?id=9 0xb7b4d37d in dial_exec_full
(chan=0xb5f9fef0, data=<value optimized
out>, peerflags=0xb6af8f44, continue_exec=0x0)
at app_dial.c:1775
http://bugs.digium.com/view.php?id=10 0xb7b4d7e2 in dial_exec (chan=0xb5f9fef0,
data=0xb6afafb8) at
app_dial.c:1829
http://bugs.digium.com/view.php?id=11 0x080cd947 in pbx_extension_helper
(c=0xb5f9fef0, con=0x0,
context=0xb5fa0070 "internal", exten=0xb5fa00c0 "10800226440",
priority=1, label=0x0, callerid=0xb678e7d0 "8721", action=E_SPAWN) at
pbx.c:537
http://bugs.digium.com/view.php?id=12 0x080cf931 in __ast_pbx_run (c=0xb5f9fef0)
at pbx.c:2317
http://bugs.digium.com/view.php?id=13 0x080d098e in pbx_thread (data=0xb5f9fef0)
at pbx.c:2621
http://bugs.digium.com/view.php?id=14 0x080ff5d0 in dummy_start
(data=0xb64b1070) at utils.c:912
http://bugs.digium.com/view.php?id=15 0xb7f12240 in start_thread () from
/lib/tls/i686/cmov/libpthread.so.0
http://bugs.digium.com/view.php?id=16 0xb7e2d49e in clone () from
/lib/tls/i686/cmov/libc.so.6
and
http://bugs.digium.com/view.php?id=0 0xb7ddb43b in strlen () from
/lib/tls/i686/cmov/libc.so.6
http://bugs.digium.com/view.php?id=1 0xb7daf164 in vfprintf () from
/lib/tls/i686/cmov/libc.so.6
http://bugs.digium.com/view.php?id=2 0xb7db42e2 in fprintf () from
/lib/tls/i686/cmov/libc.so.6
http://bugs.digium.com/view.php?id=3 0x080aff57 in ast_queue_log
(queuename=0x20c62e <Address 0x20c62e out
of bounds>,
callid=0x493ece85 <Address 0x493ece85 out of bounds>, agent=0xcd87eb0
"SIP/8846", event=0xb74e9fee "TRANSFER",
fmt=0xb74e9fe0 "%s|%s|%ld|%ld") at logger.c:359
http://bugs.digium.com/view.php?id=4 0xb74db933 in queue_transfer_fixup
(data=0xd2b21b0,
old_chan=0xdc9d218, new_chan=0xdc73aa8) at app_queue.c:2582
http://bugs.digium.com/view.php?id=5 0x0808428d in ast_do_masquerade
(original=0xdc73aa8) at
channel.c:3537
http://bugs.digium.com/view.php?id=6 0x080867d9 in __ast_read (chan=0xdc73aa8,
dropaudio=0) at
channel.c:1971
http://bugs.digium.com/view.php?id=7 0x08089822 in ast_channel_bridge
(c0=0xdc73aa8, c1=0xdc73aa8,
config=0xb4efae7c, fo=0xb4ef9fa8, rc=0xb4ef9fa4)
at channel.c:2366
http://bugs.digium.com/view.php?id=8 0xb7c6459d in ast_bridge_call
(chan=0xdc73aa8, peer=0xdc79a50,
config=0xb4efae7c) at res_features.c:1486
http://bugs.digium.com/view.php?id=9 0xb7b9737d in dial_exec_full
(chan=0xdc73aa8, data=<value optimized
out>, peerflags=0xb4efaf44, continue_exec=0x0)
at app_dial.c:1775
http://bugs.digium.com/view.php?id=10 0xb7b977e2 in dial_exec (chan=0xdc73aa8,
data=0xb4efcfb8) at
app_dial.c:1829
http://bugs.digium.com/view.php?id=11 0x080cd947 in pbx_extension_helper
(c=0xdc73aa8, con=0x0,
context=0xdc73c28 "internal", exten=0xdc73c78 "5765", priority=1,
label=0x0, callerid=0xdc00e90 "8897", action=E_SPAWN) at pbx.c:537
http://bugs.digium.com/view.php?id=12 0x080cf931 in __ast_pbx_run (c=0xdc73aa8)
at pbx.c:2317
http://bugs.digium.com/view.php?id=13 0x080d098e in pbx_thread (data=0xdc73aa8)
at pbx.c:2621
http://bugs.digium.com/view.php?id=14 0x080ff5d0 in dummy_start (data=0x91d8e50)
at utils.c:912
http://bugs.digium.com/view.php?id=15 0xb7f20240 in start_thread () from
/lib/tls/i686/cmov/libpthread.so.0
http://bugs.digium.com/view.php?id=16 0xb7e3b49e in clone () from
/lib/tls/i686/cmov/libc.so.6
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
related to 0014060 [patch] Astrerisk crashes using the app...
======================================================================
----------------------------------------------------------------------
(0097584) putnopvut (administrator) - 2009-01-13 11:04
http://bugs.digium.com/view.php?id=14086#c97584
----------------------------------------------------------------------
The new crash seems to be another case of the same thing happening, just in
a new place now. When a channel is being hung up, we're trying to free a
datastore that already was previously freed. The problem is that when we
freed it previously, we needed to also remove the datastore from the list
so that this wouldn't happen again.
The new backtrace doesn't give a lot of information regarding which
datastore carries the problem, although assuming the queue transfer
datastore is at fault is not a bad base assumption.
ZX81, I have two requests. One is that for future backtrace uploads,
please attach the text as a file upload instead of placing the text
directly in notes. The second is, if possible, could you run Asterisk under
valgrind? Instructions for how to do it are in doc/valgrind.txt in the
Asterisk source directory.
I'll continue looking myself and trying my own valgrind runs, too.
Issue History
Date Modified Username Field Change
======================================================================
2009-01-13 11:04 putnopvut Note Added: 0097584
======================================================================
More information about the asterisk-bugs
mailing list