[asterisk-bugs] [Asterisk 0017474]: [patch] Crash in dsp.c when entering digits from SpeechBackground

Asterisk Bug Tracker noreply at bugs.digium.com
Sat Jun 5 12:54:57 CDT 2010 

A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=17474 
====================================================================== 
Reported By:                kenner
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   17474
Category:                   Core/General
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.2 
SVN Revision (number only!): 268453 
Request Review:              
====================================================================== 
Date Submitted:             2010-06-05 11:36 CDT
Last Modified:              2010-06-05 12:54 CDT
====================================================================== 
Summary:                    [patch] Crash in dsp.c when entering digits from
SpeechBackground
Description: 
The field current_len is set to zero and decremented, but never incremented
in dsp.c.  But its used as the operand of memmove, so the second time the
code in question is executed, memmove is passed an operand of -1, which
causes a crash.  I have a patch, which fixes the problem, but I don't
understand the code enough to be completely confident that it's correct.

======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
duplicate of        0017371 [patch] [regression] DAHDI analog FXS p...
====================================================================== 

---------------------------------------------------------------------- 
 (0123011) lottc (reporter) - 2010-06-05 12:54
 https://issues.asterisk.org/view.php?id=17474#c123011 
---------------------------------------------------------------------- 
I have uploaded dsp_digitlen_fix.patch, which I believe is a more correct
implementation, however, I have concerns about how current_len is being
calculated.  I think there is a larger fundamental problem here... 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-06-05 12:54 lottc          Note Added: 0123011                          
======================================================================

More information about the asterisk-bugs mailing list