[asterisk-bugs] [Asterisk 0017371]: DAHDI analog FXS port segfaults after dialling 2nd DTMF digit

Asterisk Bug Tracker noreply at bugs.digium.com
Fri May 21 04:39:36 CDT 2010 

A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=17371 
====================================================================== 
Reported By:                alecdavis
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   17371
Category:                   Core/PBX
Reproducibility:            always
Severity:                   crash
Priority:                   high
Status:                     new
Asterisk Version:           SVN 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 264905 
Request Review:              
====================================================================== 
Date Submitted:             2010-05-21 04:14 CDT
Last Modified:              2010-05-21 04:39 CDT
====================================================================== 
Summary:                    DAHDI analog FXS port segfaults after dialling 2nd
DTMF digit
Description: 


https://issues.asterisk.org/view.php?id=1  0x080e12f4 in ast_dsp_process
(chan=0x85e23d8, dsp=0x85e5008,
af=0x85d1560) at dsp.c:1418
1418                                   
memmove(&dsp->digit_state.digitlen[0], &dsp->digit_state.digitlen[1],
<b>dsp->digit_state.current_len *
</b>sizeof(dsp->digit_state.digitlen[0]));
(gdb) p  dsp->digit_state.current_len
$1 = 2
(gdb) p dsp->digit_state.digitlen[0]
$2 = 0
(gdb) p dsp->digit_state.digitlen[1]
$3 = 0
(gdb) quit

======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0017235 [patch] asterisk dsp always reports det...
====================================================================== 

---------------------------------------------------------------------- 
 (0122236) alecdavis (manager) - 2010-05-21 04:39
 https://issues.asterisk.org/view.php?id=17371#c122236 
---------------------------------------------------------------------- 
Hum wasn't as simple as removing the 'dsp->digit_state.current_len *' from
the memmove, next crash:

(gdb) frame 1
https://issues.asterisk.org/view.php?id=1  0x080e12ae in ast_dsp_process
(chan=0x86631b8, dsp=0x86657a0,
af=0xaf204d60) at dsp.c:1416
1416                                   
memmove(&dsp->digit_state.digits[0], &dsp->digit_state.digits[1],
dsp->digit_state.current_digits);

(gdb) p dsp->digit_state.current_digits
$1 = 16777215
(gdb) p dsp->digit_state.digits[0]
$2 = 0 '\0'
(gdb) p dsp->digit_state.digits[1]
$3 = 0 '\0'

(gdb) p sizeof(dsp->digit_state.digits[1])
$4 = 1 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-05-21 04:39 alecdavis      Note Added: 0122236                          
======================================================================

More information about the asterisk-bugs mailing list