[asterisk-bugs] [Asterisk 0017248]: it crashes handling dtmf relay
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue Apr 27 11:16:51 CDT 2010
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=17248
======================================================================
Reported By: falves11
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 17248
Category: Channels/chan_sip/General
Reproducibility: sometimes
Severity: crash
Priority: normal
Status: new
Asterisk Version: Addons-1.6.1.3
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.1
SVN Revision (number only!): 258705
Request Review:
======================================================================
Date Submitted: 2010-04-27 06:27 CDT
Last Modified: 2010-04-27 11:16 CDT
======================================================================
Summary: it crashes handling dtmf relay
Description:
I am uploading the trace.
======================================================================
----------------------------------------------------------------------
(0120990) davidw (reporter) - 2010-04-27 11:16
https://issues.asterisk.org/view.php?id=17248#c120990
----------------------------------------------------------------------
I'm sorry, but this report was sufficient to identify a clear bug in only
about 5 minutes. I realise that people often don't provide enough
information but sometimes it is unrealistic to provide the officially
required information, and particular, for some of those cases, especially
those involving crashes, the actual information can still be enough to find
and fix a bug.
In this case, the code skeleton is:
struct ast_frame *f = NULL;
.....
} else if ((rtp->resp == resp) && !power) {
f = create_dtmf_frame(rtp, AST_FRAME_DTMF_END);
f->samples = rtp->dtmfsamples * (rtp_get_rate(f->subclass) / 1000);
rtp->resp = 0;
} else if (rtp->resp == resp)
rtp->dtmfsamples += 20 * (rtp_get_rate(f->subclass) / 1000);
There is no looping, so it is trivial to demonstrate that f must be null
on the final else, and therefore that, either that else clause is
unreachable, or it will always crash, both cases being bugs.
Issue History
Date Modified Username Field Change
======================================================================
2010-04-27 11:16 davidw Note Added: 0120990
======================================================================
More information about the asterisk-bugs
mailing list