[asterisk-bugs] [JIRA] (ASTERISK-24774) Segfault in ast_context_destroy with extensions.ael and extensions.conf

Matt Jordan (JIRA) noreply at issues.asterisk.org
Sun Apr 19 14:54:33 CDT 2015 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-24774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=225935#comment-225935 ] 

Matt Jordan commented on ASTERISK-24774:
----------------------------------------

Using the latest tip of 11, I'm not able to reproduce the crash you have here using the provided dialplan (extensions.conf) and a blank extensions.ael.

I am still able to reproduce a similar crash using the {{pbx/callerid_merge}} test, although the backtrace does look a bit different:

{noformat}
 16 [Thread debugging using libthread_db enabled]
 17 Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
 18 Core was generated by `/usr/sbin/asterisk -f -g -q -m -n -C /tmp/asterisk-testsuite/483c7dcc41a42228c9'.
 19 Program terminated with signal SIGSEGV, Segmentation fault.
 20 #0  0x00000000004f7336 in ast_hashtab_start_traversal (tab=0x0) at hashtab.c:711
 21 711             it->next = tab->tlist;
 22 #0  0x00000000004f7336 in ast_hashtab_start_traversal (tab=0x0) at hashtab.c:711
 23         it = 0x7fa9ac000930
 24         __PRETTY_FUNCTION__ = "ast_hashtab_start_traversal"
 25 #1  0x000000000054cafe in __ast_context_destroy (list=0x255c810, contexttab=0x2554c20, con=0x0, registrar=0x5caa1e "features") at pbx.c:10889
 26         end_traversal = 1
 27         prio_iter = 0x7fa9ac000930
 28         ipl = 0x0
 29         ipn = 0x0
 30         i = 0x0
 31         sw = 0x0
 32         exten_iter = 0x7fa9ac000b40
 33         ip = 0x0
 34         pi = 0x0
 35         ni = 0x0
 36         next = 0x0
 37         tmp = 0x255ad40
 38         tmpl = 0x0
 39         exten_item = 0x255f720
 40         prio_item = 0x0
 41         __PRETTY_FUNCTION__ = "__ast_context_destroy"
 42 #2  0x000000000054d13c in ast_context_destroy (con=0x0, registrar=0x5caa1e "features") at pbx.c:10968
 43 No locals.
 44 #3  0x00000000004e5628 in features_shutdown () at features.c:9072
 45 No locals.
 46 #4  0x0000000000442c63 in ast_run_atexits (run_cleanups=1) at asterisk.c:973     
{noformat}

In this case, we're crashing on shutdown, with what appears to be a NULL {{peer_table}}. It doesn't look like the PBX core is especially clear on whether or not this can be NULL. Plenty of places assume that it can't be NULL, but in other locations we clearly set the pointer to NULL. Lovely.

> Segfault in ast_context_destroy with extensions.ael and extensions.conf
> -----------------------------------------------------------------------
>
>                 Key: ASTERISK-24774
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24774
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/PBX
>    Affects Versions: 11.16.0
>            Reporter: Corey Farrell
>         Attachments: backtrace_11054.txt, backtrace_noload-pbx_lua.txt, extensions.conf, testsuite-pbx-callerid_match.patch
>
>
> While attempting to resolve open channels in testsuite/tests/pbx/callerid_match I am experiencing a segfault every time.  I do not know AGI enough to understand why, but running 'agi.finish()' on the calls in this test seems to cause a segfault on shutdown (somehow contexts become corrupted).



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list