[asterisk-bugs] [LibPRI 0017522]: segfault in pri_schedule_del - ctrl invalid value

Asterisk Bug Tracker noreply at bugs.digium.com
Thu Oct 14 12:09:43 CDT 2010 

A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=17522 
====================================================================== 
Reported By:                wuwu
Assigned To:                
====================================================================== 
Project:                    LibPRI
Issue ID:                   17522
Category:                   General
Reproducibility:            have not tried
Severity:                   crash
Priority:                   normal
Status:                     feedback
Asterisk Version:           Older 1.4 - please test a newer version 
JIRA:                        
libpri Version:             1.4.11 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2010-06-17 13:44 CDT
Last Modified:              2010-10-14 12:09 CDT
====================================================================== 
Summary:                    segfault in pri_schedule_del - ctrl invalid value
Description: 
have had this crash for the first time. ctrl does have value 0x2 - so in
the while loop it does crash.

Short backtrace

(gdb) bt
https://issues.asterisk.org/view.php?id=0  0x0068f3a2 in pri_schedule_del
(ctrl=0x2, id=0) at prisched.c:178
https://issues.asterisk.org/view.php?id=1  0x00691be3 in stop_t303
(call=0xb53546d0) at q931.c:4726
https://issues.asterisk.org/view.php?id=2  0x00697930 in __q931_hangup
(ctrl=<value optimized out>, c=0xb53546d0,
cause=16) at q931.c:5445
https://issues.asterisk.org/view.php?id=3  0x00689ea8 in pri_hangup (pri=0x0,
call=0x2, cause=2) at pri.c:983
https://issues.asterisk.org/view.php?id=4  0x010130ed in dahdi_hangup
(ast=0xb5325848) at chan_dahdi.c:2991
https://issues.asterisk.org/view.php?id=5  0x0808562b in ast_hangup
(chan=0xb5325848) at channel.c:1522
https://issues.asterisk.org/view.php?id=6  0x080cf60e in __ast_pbx_run
(c=0xb5325848) at pbx.c:2576
https://issues.asterisk.org/view.php?id=7  0x080d017e in pbx_thread
(data=0xb5325848) at pbx.c:2636
https://issues.asterisk.org/view.php?id=8  0x080ffdab in dummy_start
(data=0xb5355fb8) at utils.c:856
https://issues.asterisk.org/view.php?id=9  0x009a35ab in start_thread () from
/lib/libpthread.so.0
https://issues.asterisk.org/view.php?id=10 0x008f9cfe in clone () from
/lib/libc.so.6

======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0018032 [patch] Asterisk is core dumping with L...
====================================================================== 

---------------------------------------------------------------------- 
 (0128035) svnbot (reporter) - 2010-10-14 12:09
 https://issues.asterisk.org/view.php?id=17522#c128035 
---------------------------------------------------------------------- 
Repository: libpri
Revision: 2015

U   branches/1.4/pri.c
U   branches/1.4/pri_aoc.c
U   branches/1.4/pri_cc.c
U   branches/1.4/pri_facility.c
U   branches/1.4/pri_internal.h
U   branches/1.4/q931.c

------------------------------------------------------------------------
r2015 | rmudgett | 2010-10-14 12:09:42 -0500 (Thu, 14 Oct 2010) | 16 lines

Segfault in pri_schedule_del() - ctrl value is invalid.

Validate the given call pointer in libpri API calls.  If the call pointer
is not an active call record then a complaint message is issued and the
API call aborts.  The call pointer is likely stale.

This patch is defensive.  More information is needed to figure out why
Asterisk still has a call pointer during its hangup sequence.

(closes issue https://issues.asterisk.org/view.php?id=17522)
(closes issue https://issues.asterisk.org/view.php?id=18032)
Reported by: schmoozecom
Patches:
      issue_18032_v1.4.patch uploaded by rmudgett (license 664)
Tested by: rmudgett

------------------------------------------------------------------------

http://svn.digium.com/view/libpri?view=rev&revision=2015 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-10-14 12:09 svnbot         Checkin                                      
2010-10-14 12:09 svnbot         Note Added: 0128035                          
======================================================================

More information about the asterisk-bugs mailing list