[asterisk-bugs] [Asterisk 0015997]: [patch] segfault in 1.6.1.6 in _ao2_find, called from chan_iax2 after approx. 75.000 calls
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue Feb 9 17:12:01 CST 2010
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=15997
======================================================================
Reported By: exarv
Assigned To: dvossel
======================================================================
Project: Asterisk
Issue ID: 15997
Category: Channels/chan_iax2
Reproducibility: have not tried
Severity: crash
Priority: normal
Status: closed
Target Version: 1.4.31
Asterisk Version: SVN
JIRA: SWP-761
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
Resolution: fixed
Fixed in Version:
======================================================================
Date Submitted: 2009-10-01 02:37 CDT
Last Modified: 2010-02-09 17:12 CST
======================================================================
Summary: [patch] segfault in 1.6.1.6 in _ao2_find, called
from chan_iax2 after approx. 75.000 calls
Description:
I'm running Asterisk 1.6.1.6 since 19 days now,
but I've had 3 times a segfault on the same address.
Sep 17 13:03:57 switch02 kernel: asterisk[13597]: segfault at
00002aaa0000000a rip 0000000000435c36 rsp 00000000420b1440 error 4
In the mean time 75.517 calls were setup.
Sep 22 19:07:13 switch02 kernel: asterisk[23982]: segfault at
00002aaa0000000a rip 0000000000435c36 rsp 0000000042142440 error 4
In the mean time 76.725 calls were setup.
Sep 28 14:26:16 switch02 kernel: asterisk[2777]: segfault at
00002aaa0000000a rip 0000000000435c36 rsp 0000000042088440 error 4
It's a live server running production traffic. So I don't have much
possibilities to easily test a different version.
Also the issue only happens to me once a week (about once every approx.
75.000 calls).
The segfault didn't happen on the most busiest times (sunday), but just
on the more quiet days.
The last time the server had 50 calls, 97 channels (43 chan_ss7
channels, 46 sip channels and 8 iax2 channels)
Software running:
- CentOS 5 (latest updates as of 11 sept 2009)
- asterisk 1.6.1.6
- chan_ss7 1.2.1
- dahdi-linux 2.2.0.2
- dahdi-tools 2.2.0
- wanpipe 3.5.6
======================================================================
----------------------------------------------------------------------
(0117928) svnbot (reporter) - 2010-02-09 17:12
https://issues.asterisk.org/view.php?id=15997#c117928
----------------------------------------------------------------------
Repository: asterisk
Revision: 245794
_U branches/1.6.2/
U branches/1.6.2/channels/chan_iax2.c
------------------------------------------------------------------------
r245794 | dvossel | 2010-02-09 17:11:59 -0600 (Tue, 09 Feb 2010) | 25
lines
Merged revisions 245793 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk
................
r245793 | dvossel | 2010-02-09 17:07:17 -0600 (Tue, 09 Feb 2010) | 18
lines
Merged revisions 245792 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r245792 | dvossel | 2010-02-09 16:55:38 -0600 (Tue, 09 Feb 2010) | 12
lines
Fixes iaxs and iaxsl size off by one issue.
2^15 = 32768 which is the maximum allowed iax2 callnumber.
Creating the iaxs and iaxsl array of size 32768 means the maximum
callnumber is actually out of bounds. This causes a nasty crash.
(closes issue https://issues.asterisk.org/view.php?id=15997)
Reported by: exarv
Patches:
iax_fix.diff uploaded by dvossel (license 671)
........
................
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=245794
Issue History
Date Modified Username Field Change
======================================================================
2010-02-09 17:12 svnbot Checkin
2010-02-09 17:12 svnbot Note Added: 0117928
======================================================================
More information about the asterisk-bugs
mailing list