[asterisk-bugs] [Asterisk 0019368]: The retrans_pkt function can corrupt the message list in the gateway structure
Asterisk Bug Tracker
noreply at bugs.digium.com
Fri May 27 10:57:17 CDT 2011
The following issue has been UPDATED.
======================================================================
https://issues.asterisk.org/view.php?id=19368
======================================================================
Reported By: JeffW
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 19368
Category: Channels/chan_mgcp
Reproducibility: random
Severity: minor
Priority: normal
Status: new
Asterisk Version: 1.8.3.2
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2011-05-25 15:46 CDT
Last Modified: 2011-05-27 10:57 CDT
======================================================================
Summary: The retrans_pkt function can corrupt the message
list in the gateway structure
Description:
I believe there are errors in the retrans_pkt function when a max retries
exceeded error occurs. In the "for" statement the 'prev" variable is set
to an incorrect value when a message in the list has exceeded its retries.
It should remain unchanged, but the "for" statement will set "prev" to
point to the message just removed. This could corrupt the list.
The code attempts to build a list of expired messages using the same
"next" field as used to link the active message list. This corrupts the
value of "cur->next" which is used to process the rest of the active
message list. It will be set to null or point to the expired message list.
======================================================================
----------------------------------------------------------------------
(0135489) lmadsen (administrator) - 2011-05-27 10:57
https://issues.asterisk.org/view.php?id=19368#c135489
----------------------------------------------------------------------
Please post your patches as a unified diff as a text file attachment to
this issue after signing the license agreement.
Issue History
Date Modified Username Field Change
======================================================================
2011-05-27 10:57 lmadsen Note Added: 0135489
2011-05-27 10:57 lmadsen Additional Information Updated
======================================================================
More information about the asterisk-bugs
mailing list