[asterisk-bugs] [LibPRI 0017522]: segfault in pri_schedule_del - ctrl invalid value

Asterisk Bug Tracker noreply at bugs.digium.com
Wed Nov 17 15:26:32 CST 2010


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=17522 
====================================================================== 
Reported By:                wuwu
Assigned To:                rmudgett
====================================================================== 
Project:                    LibPRI
Issue ID:                   17522
Category:                   General
Reproducibility:            have not tried
Severity:                   crash
Priority:                   normal
Status:                     closed
Asterisk Version:           Older 1.4 - please test a newer version 
JIRA:                        
libpri Version:             1.4.11 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             2010-06-17 13:44 CDT
Last Modified:              2010-11-17 15:26 CST
====================================================================== 
Summary:                    segfault in pri_schedule_del - ctrl invalid value
Description: 
I have had this crash for the first time. ctrl has the value 0x2, so it
crashes in the while loop.

Short backtrace

(gdb) bt
#0  0x0068f3a2 in pri_schedule_del (ctrl=0x2, id=0) at prisched.c:178
#1  0x00691be3 in stop_t303 (call=0xb53546d0) at q931.c:4726
#2  0x00697930 in __q931_hangup (ctrl=<value optimized out>, c=0xb53546d0, cause=16) at q931.c:5445
#3  0x00689ea8 in pri_hangup (pri=0x0, call=0x2, cause=2) at pri.c:983
#4  0x010130ed in dahdi_hangup (ast=0xb5325848) at chan_dahdi.c:2991
#5  0x0808562b in ast_hangup (chan=0xb5325848) at channel.c:1522
#6  0x080cf60e in __ast_pbx_run (c=0xb5325848) at pbx.c:2576
#7  0x080d017e in pbx_thread (data=0xb5325848) at pbx.c:2636
#8  0x080ffdab in dummy_start (data=0xb5355fb8) at utils.c:856
#9  0x009a35ab in start_thread () from /lib/libpthread.so.0
#10 0x008f9cfe in clone () from /lib/libc.so.6

======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0018032 [patch] Asterisk is core dumping with L...
====================================================================== 

---------------------------------------------------------------------- 
 (0128932) svnbot (reporter) - 2010-11-17 15:26
 https://issues.asterisk.org/view.php?id=17522#c128932 
---------------------------------------------------------------------- 
Repository: libpri
Revision: 2136

U   tags/1.4.11.5/pri.c
U   tags/1.4.11.5/pri_facility.c
U   tags/1.4.11.5/pri_internal.h
U   tags/1.4.11.5/q931.c

------------------------------------------------------------------------
r2136 | rmudgett | 2010-11-17 15:26:30 -0600 (Wed, 17 Nov 2010) | 24 lines

Merged revision 2015 from
https://origsvn.digium.com/svn/libpri/branches/1.4

..........
  r2015 | rmudgett | 2010-10-14 12:09:40 -0500 (Thu, 14 Oct 2010) | 16 lines

  Segfault in pri_schedule_del() - ctrl value is invalid.

  Validate the given call pointer in libpri API calls.  If the call pointer
  is not an active call record then a complaint message is issued and the
  API call aborts.  The call pointer is likely stale.

  This patch is defensive.  More information is needed to figure out why
  Asterisk still has a call pointer during its hangup sequence.

  (closes issue https://issues.asterisk.org/view.php?id=17522)
  (closes issue https://issues.asterisk.org/view.php?id=18032)
  Reported by: schmoozecom
  Patches:
	issue_18032_v1.4.patch uploaded by rmudgett (license 664)
	issue_18032_v1.4.11.4.patch uploaded by rmudgett (license 664)
  Tested by: rmudgett
..........

------------------------------------------------------------------------

http://svn.digium.com/view/libpri?view=rev&revision=2136 
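The validation the commit describes, as an added C example that is not libpri's own code (the struct layouts, the demo_ function names and the cr field are assumptions made for the illustration): a hangup-style API entry point checks the call pointer against the link's active-call list by address before touching it, so a stale pointer left over from an earlier teardown, or garbage such as the call=0x2 seen in frame #3 of the backtrace, is reported and ignored instead of being dereferenced.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for libpri's control block and call record.
 * They are not libpri's real struct layouts; the names are assumptions. */
struct demo_call {
    struct demo_call *next;   /* next active call on this link */
    int cr;                   /* call reference */
    int t303_sched_id;        /* pending T303 timer id, 0 if none */
};

struct demo_ctrl {
    struct demo_call *calls;      /* head of the active-call list */
    int timers_cancelled;         /* count of demo_schedule_del() hits */
    int stale_pointers_rejected;  /* count of API calls aborted by the check */
};

/* Stand-in for pri_schedule_del(): it dereferences ctrl, so reaching it
 * with a bogus ctrl (0x2 in the reported backtrace) is the segfault. */
static void demo_schedule_del(struct demo_ctrl *ctrl, int id)
{
    if (id)
        ctrl->timers_cancelled++;
}

/* The defensive check from r2015: compare the pointer against the
 * active-call list by address only. The candidate is never dereferenced,
 * so a garbage value such as (struct demo_call *)2 is rejected safely. */
static int demo_call_is_valid(struct demo_ctrl *ctrl, struct demo_call *call)
{
    const struct demo_call *cur;
    for (cur = ctrl->calls; cur; cur = cur->next) {
        if (cur == call)
            return 1;
    }
    return 0;
}

/* Create a call record and put it on the active list. */
static struct demo_call *demo_new_call(struct demo_ctrl *ctrl, int cr)
{
    struct demo_call *call = calloc(1, sizeof(*call));
    if (!call)
        return NULL;
    call->cr = cr;
    call->t303_sched_id = 1;      /* pretend T303 is running */
    call->next = ctrl->calls;
    ctrl->calls = call;
    return call;
}

/* Unlink and free a call record. Any pointer the caller kept is now stale. */
static void demo_destroy_call(struct demo_ctrl *ctrl, struct demo_call *call)
{
    struct demo_call **pp;
    for (pp = &ctrl->calls; *pp; pp = &(*pp)->next) {
        if (*pp == call) {
            *pp = call->next;
            free(call);
            return;
        }
    }
}

/* Hangup in the style of the patched API: validate first, complain and
 * abort on a stale pointer, otherwise cancel T303 and tear the call down.
 * Returns 0 on success, -1 when the pointer was rejected. */
static int demo_hangup(struct demo_ctrl *ctrl, struct demo_call *call, int cause)
{
    if (!demo_call_is_valid(ctrl, call)) {
        ctrl->stale_pointers_rejected++;
        fprintf(stderr, "!! Invalid call pointer %p (cause %d), ignoring hangup\n",
                (void *)call, cause);
        return -1;
    }
    demo_schedule_del(ctrl, call->t303_sched_id);
    call->t303_sched_id = 0;
    demo_destroy_call(ctrl, call);
    return 0;
}

/* Drive the scenario from the report: a normal hangup, a second hangup
 * with the now-stale pointer, then one with a garbage pointer.
 * Returns the number of rejected calls (2 for this sequence). */
static int demo_run(void)
{
    struct demo_ctrl ctrl = { NULL, 0, 0 };
    struct demo_call *call = demo_new_call(&ctrl, 0x51);   /* constructed call */
    struct demo_call *garbage = (struct demo_call *)2;     /* like call=0x2 in frame #3 */

    demo_hangup(&ctrl, call, 16);       /* valid: T303 cancelled, record freed */
    demo_hangup(&ctrl, call, 16);       /* stale: rejected, never dereferenced */
    demo_hangup(&ctrl, garbage, 2);     /* garbage: rejected, never dereferenced */
    return ctrl.stale_pointers_rejected;
}

int main(void)
{
    printf("rejected %d stale/garbage call pointers\n", demo_run());
    return 0;
}
```

The check compares addresses only and never reads through the candidate pointer, which is what makes it safe for a value like 0x2. Its limit is the one the commit message itself flags: it is defensive, not a root-cause fix. If the freed record's memory were reused for a new call before the stale pointer came back through the API, that address would be on the list again and the check would pass, so why Asterisk still holds the pointer during its hangup sequence still has to be found.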

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-11-17 15:26 svnbot         Checkin                                      
2010-11-17 15:26 svnbot         Note Added: 0128932                          
======================================================================