[asterisk-bugs] [Asterisk 0017474]: [patch] Crash in dsp.c when entering digits from SpeechBackground

Asterisk Bug Tracker noreply at bugs.digium.com
Sat Jun 5 12:46:51 CDT 2010


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=17474 
====================================================================== 
Reported By:                kenner
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   17474
Category:                   Core/General
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.2 
SVN Revision (number only!): 268453 
Request Review:              
====================================================================== 
Date Submitted:             2010-06-05 11:36 CDT
Last Modified:              2010-06-05 12:46 CDT
====================================================================== 
Summary:                    [patch] Crash in dsp.c when entering digits from
SpeechBackground
Description: 
The field current_len is set to zero and decremented, but never incremented
in dsp.c.  But it's used as the operand of memmove, so the second time the
code in question is executed, memmove is passed an operand of -1, which
causes a crash.  I have a patch, which fixes the problem, but I don't
understand the code enough to be completely confident that it's correct.

====================================================================== 

---------------------------------------------------------------------- 
 (0123008) kenner (reporter) - 2010-06-05 12:46
 https://issues.asterisk.org/view.php?id=17474#c123008 
---------------------------------------------------------------------- 
Yes, that seems like the identical problem.  The patch there seems
incorrect to me, but it might be worth seeing if the patch here fixes that
issue.  I think there needs to be a code cleanup here: if current_digits
and current_len are really to mean different things, there needs to be
better documentation saying what each means and a better accounting for
their values. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-06-05 12:46 kenner         Note Added: 0123008                          
======================================================================
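
The failure mode described in the report, as an added example that is neither Asterisk's dsp.c code nor the reporter's patch: a signed counter that reaches -1 converts to SIZE_MAX when used as memmove's length, shown next to a pop routine that range-checks one authoritative counter first. The struct digit_queue, MAX_DIGITS and the three functions are hypothetical; only the field names current_len and current_digits come from the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DIGITS 8 /* constructed size, not taken from dsp.c */
/* Hypothetical digit queue: field names echo the report, layout is assumed. */
struct digit_queue {
    char digits[MAX_DIGITS + 1];
    int current_digits; /* digits stored in digits[]; the only counter trusted */
    int current_len;    /* stale counter: decremented but never incremented */
};

/* Length memmove() would get from the stale counter: int -1 wraps to SIZE_MAX. */
size_t unchecked_move_len(const struct digit_queue *q)
{
    return (size_t)(q->current_len - 1);
}

/* Append one digit and keep the NUL terminator in place. */
int queue_push(struct digit_queue *q, char d)
{
    if (q->current_digits < 0 || q->current_digits >= MAX_DIGITS)
        return -1;
    q->digits[q->current_digits++] = d;
    q->digits[q->current_digits] = '\0';
    return 0;
}

/* Remove the oldest digit; the length is range-checked before memmove(). */
int queue_pop(struct digit_queue *q, char *out)
{
    if (q->current_digits <= 0 || q->current_digits > MAX_DIGITS)
        return -1;
    *out = q->digits[0];
    memmove(q->digits, q->digits + 1, (size_t)q->current_digits); /* incl. NUL */
    q->current_digits--;
    return 0;
}

int main(void)
{
    struct digit_queue q = { "", 0, 0 };
    char d;
    queue_push(&q, '4');
    queue_push(&q, '2');
    printf("unchecked length would be %zu bytes\n", unchecked_move_len(&q));
    while (queue_pop(&q, &d) == 0)
        printf("popped %c, %d left\n", d, q.current_digits);
    return 0;
}
```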



