[asterisk-bugs] [JIRA] (ASTERISK-22746) Crash in chan_dahdi during caller id read
Michael Walton (JIRA)
noreply at issues.asterisk.org
Tue Oct 22 09:08:04 CDT 2013
[ https://issues.asterisk.org/jira/browse/ASTERISK-22746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=211119#comment-211119 ]
Michael Walton commented on ASTERISK-22746:
-------------------------------------------
I've attached a patch against latest chan_dahdi.c that I have tested to work correctly, i.e. prevent the crash. Note also that the callerid_free(p->cs) has been removed, since this is already done in the calling function.
> Crash in chan_dahdi during caller id read
> -----------------------------------------
>
> Key: ASTERISK-22746
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-22746
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_dahdi
> Affects Versions: SVN, 1.8.17.0
> Environment: Ubuntu 10.04
> Reporter: Michael Walton
>
> Occasional Asterisk core dump during caller id read on analog channel. Further investigation and core dump analysis shows that a negative return value from the read() in my_get_callerid slips through as a negative length argument to callerid_feed() if the errno returned by DAHDI is ELAST. This would likely cause the crash.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list