[asterisk-bugs] [Asterisk 0017474]: [patch] Crash in dsp.c when entering digits from SpeechBackground
Asterisk Bug Tracker
noreply at bugs.digium.com
Sat Jun 5 12:55:31 CDT 2010
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=17474
======================================================================
Reported By: kenner
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 17474
Category: Core/General
Reproducibility: always
Severity: crash
Priority: normal
Status: new
Asterisk Version: SVN
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.2
SVN Revision (number only!): 268453
Request Review:
======================================================================
Date Submitted: 2010-06-05 11:36 CDT
Last Modified: 2010-06-05 12:55 CDT
======================================================================
Summary: [patch] Crash in dsp.c when entering digits from
SpeechBackground
Description:
The field current_len is set to zero and decremented, but never incremented
in dsp.c. But its used as the operand of memmove, so the second time the
code in question is executed, memmove is passed an operand of -1, which
causes a crash. I have a patch, which fixes the problem, but I don't
understand the code enough to be completely confident that it's correct.
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
duplicate of 0017371 [patch] [regression] DAHDI analog FXS p...
======================================================================
----------------------------------------------------------------------
(0123013) svnbot (reporter) - 2010-06-05 12:55
https://issues.asterisk.org/view.php?id=17474#c123013
----------------------------------------------------------------------
Repository: asterisk
Revision: 268456
U trunk/main/dsp.c
------------------------------------------------------------------------
r268456 | tilghman | 2010-06-05 12:55:27 -0500 (Sat, 05 Jun 2010) | 14
lines
Fix crash in DTMF detection.
What I did not originally see in my previous commit was that even though
the
next digit could be detected before the previous was considered ended, the
detection of the next digit effectively ends the detection of the
previous.
Therefore, the length moves in lockstep with the digit, and no separate
counter
is needed for the length alone.
(closes issue https://issues.asterisk.org/view.php?id=17371)
Reported by: alecdavis
(closes issue https://issues.asterisk.org/view.php?id=17474)
Reported by: kenner
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=268456
Issue History
Date Modified Username Field Change
======================================================================
2010-06-05 12:55 svnbot Checkin
2010-06-05 12:55 svnbot Note Added: 0123013
======================================================================
More information about the asterisk-bugs
mailing list