[asterisk-bugs] [Asterisk 0014217]: [patch] app_page causes undefined behavior when paging a page group with more than 128 extensions

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Jan 13 19:16:55 CST 2009


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=14217 
====================================================================== 
Reported By:                a_villacis
Assigned To:                otherwiseguy
====================================================================== 
Project:                    Asterisk
Issue ID:                   14217
Category:                   Applications/app_page
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     confirmed
Asterisk Version:           1.4.22 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2009-01-12 10:06 CST
Last Modified:              2009-01-13 19:16 CST
====================================================================== 
Summary:                    [patch] app_page causes undefined behavior when
paging a page group with more than 128 extensions
Description: 
When defining a paging group, if this group has more than 128 extensions,
an attempt to ring this paging group causes *all* calls (including those
belonging to extensions not part of the group) to be hung up. Analysis of
the root problem shows that a range of undefined behaviors can occur, up to
and including the crash of the Asterisk server.
====================================================================== 

---------------------------------------------------------------------- 
 (0097693) otherwiseguy (administrator) - 2009-01-13 19:16
 http://bugs.digium.com/view.php?id=14217#c97693 
---------------------------------------------------------------------- 
Ok, the changes I made to the patch are as follows:

1) Started num_dials at 1 to remove extra num_dials++ and removed the if
(*tmp) since the while(*p) was the same check.  Also reformatted it a bit
to conform with coding guidelines.
2) The above mentioned ast_malloc to ast_calloc change, combined with
doing the allocation and check for failure at the same time, a la if
(!(dial_list = ast_calloc(num_dials, sizeof(void *)))) {}
3) Removed the "Ensure this dial slot is valid" if (dial = NULL) continue;
line.  It looks like pos is only incremented when there is a non-NULL dial,
so if n=8, pos will equal 9 when the last entry is added.  The for loop is
for(i = 0; i < 9;i++) in that case which would stay within the bounds of
our array.

If you find any errors with any of this, please reopen the ticket and let
me know. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-01-13 19:16 otherwiseguy   Note Added: 0097693                          
======================================================================
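
The sizing approach discussed in the note above (count the entries first, allocate a zeroed array of that size, advance pos only for a valid dial), as an added example that is not the Asterisk patch itself. It assumes '&' as the entry separator and uses plain calloc in place of ast_calloc; count_dials, build_dial_list, make_spec and the Local/N entry names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Count '&'-separated entries: start at 1, add one per delimiter. */
static size_t count_dials(const char *spec)
{
    size_t num_dials = 1;
    for (const char *p = spec; *p; p++)
        num_dials += (*p == '&');
    return num_dials;
}

/* Fill a list sized from the input; returns slots used, or -1 on failure. */
static long build_dial_list(const char *spec, char ***out)
{
    char **dial_list;
    long pos = 0;
    if (!(dial_list = calloc(count_dials(spec), sizeof(*dial_list))))
        return -1;
    for (const char *start = spec, *end; start; start = end ? end + 1 : NULL) {
        end = strchr(start, '&');
        size_t len = end ? (size_t)(end - start) : strlen(start);
        char *dial = len ? malloc(len + 1) : NULL; /* empty entry: no dial */
        if (dial) {                       /* pos advances only for a valid dial */
            memcpy(dial, start, len);
            dial[len] = '\0';
            dial_list[pos++] = dial;
        }
    }
    *out = dial_list;
    return pos;
}

/* Constructed input: n >= 1 entries "Local/0&Local/1&...", names made up. */
static char *make_spec(int n)
{
    char *s = calloc((size_t)n, 16), *w = s;
    for (int i = 0; s && i < n; i++)
        w += sprintf(w, "%sLocal/%d", i ? "&" : "", i);
    return s;
}

int main(void)
{
    char **list = NULL, *spec = make_spec(200);
    printf("slots used: %ld\n", spec ? build_dial_list(spec, &list) : -1L);
    return 0;
}
```

Because the loop runs once per counted entry, pos can never exceed the allocated slot count, and unused slots stay NULL thanks to the zeroing allocation.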



