[asterisk-bugs] [Asterisk 0019072]: crash in ast_frdup with oversized udptl frame
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue May 24 09:49:21 CDT 2011
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=19072
======================================================================
Reported By: vrban
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 19072
Category: Channels/chan_sip/T.38
Reproducibility: unable to reproduce
Severity: crash
Priority: normal
Status: acknowledged
Asterisk Version: 1.4.40
JIRA: SWP-3309
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2011-04-06 06:05 CDT
Last Modified: 2011-05-24 09:49 CDT
======================================================================
Summary: crash in ast_frdup with oversized udptl frame
Description:
a crash, see gdb_output.txt
noticeable is the oversized datalen:
$2 = {frametype = AST_FRAME_MODEM, subclass = 1, datalen = 79109792,
samples = 0, mallocd = 0, mallocd_hdr_len = 0, offset = 0,
src = 0x4e05fe "UDPTL", data = 0x4b71e98, delivery = {tv_sec = 0,
tv_usec = 0}, frame_list = {next = 0x54a0368}, flags = 0, ts = 0, len = 0,
seqno = 33223}
======================================================================
----------------------------------------------------------------------
(0135337) vrban (reporter) - 2011-05-24 09:49
https://issues.asterisk.org/view.php?id=19072#c135337
----------------------------------------------------------------------
I attached the call as pcap, which crashed asterisk in gdb2.txt. See paket
No. 98 and 100. this to RTP packages were send to the udptl port 4101 after
the 200 OK to for the t.38 re-INVITE. And this crash asterisk.
You nicely can see the BYE retransmission, because asterisk was death...
Issue History
Date Modified Username Field Change
======================================================================
2011-05-24 09:49 vrban Note Added: 0135337
======================================================================
More information about the asterisk-bugs
mailing list