[asterisk-bugs] [JIRA] (ASTERISK-27238) Bridging: Crash freeing a frame that's already been freed
Richard Mudgett (JIRA)
noreply at issues.asterisk.org
Wed Nov 15 16:40:41 CST 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-27238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=240049#comment-240049 ]
Richard Mudgett commented on ASTERISK-27238:
--------------------------------------------
The second part of that patch is something unrelated that valgrind found. It is not contributing to the memory corruption. Many memcpy implementations are "safe" to use on overlapping blocks if you are shifting the block down in memory. Memcpy is not guaranteed to copy memory correctly if the blocks overlap where memmove will work on overlapping blocks.
> Bridging: Crash freeing a frame that's already been freed
> ---------------------------------------------------------
>
> Key: ASTERISK-27238
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-27238
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Core/Bridging
> Affects Versions: 14.6.0
> Environment: Centos 7
> Reporter: Richard Kenner
> Assignee: Unassigned
> Attachments: confbridge.conf, traceback.txt, valgrind.txt
>
>
> See traceback.txt traceback. The frame being freed is below:
> {noformat}
> $2 = {frametype = AST_FRAME_VOICE, subclass = {integer = 0,
> format = 0x24bc940, frame_ending = 0}, datalen = 0, samples = 320,
> mallocd = 1, mallocd_hdr_len = 545, offset = 64,
> src = 0x7f554c00c7a8 "func_jitterbuffer interpolation", data = {ptr = 0x0,
> uint32 = 0, pad = "\000\000\000\000\000\000\000"}, delivery = {
> tv_sec = 1504146592, tv_usec = 647484}, frame_list = {
> next = 0x7f5544002de0}, flags = 0, ts = 0, len = 0, seqno = 0}
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list