[asterisk-bugs] [JIRA] (ASTERISK-27488) core: If frame with unnegotiated format is read crash will occur
Joshua Colp (JIRA)
noreply at issues.asterisk.org
Fri Dec 22 07:15:41 CST 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-27488?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joshua Colp updated ASTERISK-27488:
-----------------------------------
Status: Open (was: Triage)
> core: If frame with unnegotiated format is read crash will occur
> ----------------------------------------------------------------
>
> Key: ASTERISK-27488
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-27488
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Core/Streams
> Affects Versions: 15.0.0, 15.1.0, 15.1.1, 15.1.2, 15.1.3
> Environment: Debian 8 Jessie, Asterisk 15.1.3, Cisco SPA 122
> Reporter: Sébastien Duthil
> Severity: Minor
> Labels: fax
> Attachments: full.log, gdb-bt-thread1.txt, rtp.pcapng
>
>
> Given the following setup:
> Fax -> Cisco analog gateway -> SIP -> Asterisk
> Given the Cisco analog gateway is configured with Fax Passthru = NSE (sends a NSE RTP packet upon fax detection)
> Given faxes are handled with the application ReceiveFax
> When I receive a fax from the gateway (in the logs: exten 106 sends a fax to exten 945)
> Then Asterisk crashes with segfault
> Note that in the exact same environment, if I change _only_ this setting on the gateway Fax Passthru = ReINVITE (i.e. no special RTP packet is sent, but a SIP packet instead), and receive another fax then Asterisk does not crash.
> Analyzing the core dump, I see:
> {noformat}
> #1 0x080f41c7 in __ast_read (chan=0xb9cf1d4, dropaudio=0, dropnondefault=1) at channel.c:3703
> (gdb) p f->subclass.format.name
> $3 = 0x827290e "vp8"
> (gdb) p f->subclass.format->codec.name
> $4 = 0x827290e "vp8"
> (gdb) p f->subclass.format->codec.description
> $5 = 0x8272912 "VP8 video"
> (gdb) p f->frametype
> $6 = AST_FRAME_VIDEO
> (gdb) p chan->default_streams
> $7 = {0x0, 0xb647670, 0x0, 0x0, 0x0}
> {noformat}
> The network capture shows the NSE RTP packet at number 41.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list