[asterisk-bugs] [JIRA] (ASTERISK-27238) Yet another crash freeing a frame that's already been freed

Richard Kenner (JIRA) noreply at issues.asterisk.org
Fri Sep 1 16:47:07 CDT 2017 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-27238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Kenner updated ASTERISK-27238:
--------------------------------------

    Description: 

$2 = {frametype = AST_FRAME_VOICE, subclass = {integer = 0, 
    format = 0x24bc940, frame_ending = 0}, datalen = 0, samples = 320, 
  mallocd = 1, mallocd_hdr_len = 545, offset = 64, 
  src = 0x7f554c00c7a8 "func_jitterbuffer interpolation", data = {ptr = 0x0, 
    uint32 = 0, pad = "\000\000\000\000\000\000\000"}, delivery = {
    tv_sec = 1504146592, tv_usec = 647484}, frame_list = {
    next = 0x7f5544002de0}, flags = 0, ts = 0, len = 0, seqno = 0}


  was:
#0  0x00007f5568c3d1d7 in raise () from /lib64/libc.so.6
#1  0x00007f5568c3e8c8 in abort () from /lib64/libc.so.6
#2  0x00007f5568c7cf07 in __libc_message () from /lib64/libc.so.6
#3  0x00007f5568c84503 in _int_free () from /lib64/libc.so.6
#4  0x0000000000523dff in __frame_free (cache=1, fr=0x7f554c00c6e0)
    at frame.c:157
#5  ast_frame_free (frame=frame at entry=0x7f554c00c6e0, cache=cache at entry=1)
    at frame.c:171
#6  0x00000000005f3491 in ast_translate (path=0x7f554c021330, 
    f=f at entry=0x7f554c00c6e0, consume=consume at entry=1) at translate.c:626
#7  0x00000000004c1b2d in __ast_read (chan=0x7f552801f298, 
    dropaudio=dropaudio at entry=0) at channel.c:4315
#8  0x00000000004c1ed7 in ast_read (chan=<optimized out>) at channel.c:4398
#9  0x000000000048342f in bridge_handle_trip (bridge_channel=0x7f554c00cf98)
    at bridge_channel.c:2431
#10 bridge_channel_wait (bridge_channel=0x7f554c00cf98)
    at bridge_channel.c:2611
#11 bridge_channel_internal_join (
    bridge_channel=bridge_channel at entry=0x7f554c00cf98)
    at bridge_channel.c:2757
#12 0x000000000046d47e in ast_bridge_join (bridge=0x7f553c005058, 
    chan=chan at entry=0x7f552801f298, swap=swap at entry=0x0, 
    features=features at entry=0x7f556739c538, 
---Type <return> to continue, or q <return> to quit---  
    tech_args=tech_args at entry=0x7f556739c560, flags=flags at entry=(unknown: 0))
    at bridge.c:1715
#13 0x00007f54e83f58de in confbridge_exec (chan=0x7f552801f298, 
    data=<optimized out>) at app_confbridge.c:2448
#14 0x00000000005895a6 in pbx_exec (c=c at entry=0x7f552801f298, 
    app=app at entry=0x28df9a0, 
    data=data at entry=0x7f556739cb20 "206,,,default_menu") at pbx_app.c:491
#15 0x000000000057d9f9 in pbx_extension_helper (c=c at entry=0x7f552801f298, 
    context=0x7f552801fc68 "Conferences", 
    exten=exten at entry=0x7f552801fcb8 "206", priority=priority at entry=5, 
    label=label at entry=0x0, callerid=callerid at entry=0x7f552804d0a0 "150", 
    action=action at entry=E_SPAWN, found=found at entry=0x7f556739eba0, 
    combined_find_spawn=combined_find_spawn at entry=1, con=0x0) at pbx.c:2923
#16 0x000000000057f903 in ast_spawn_extension (combined_find_spawn=1, 
    found=0x7f556739eba0, callerid=0x7f552804d0a0 "150", priority=5, 
    exten=0x7f552801fcb8 "206", context=<optimized out>, c=0x7f552801f298)
    at pbx.c:4154
#17 __ast_pbx_run (c=c at entry=0x7f552801f298, args=args at entry=0x0)
    at pbx.c:4328
#18 0x0000000000580e23 in pbx_thread (data=data at entry=0x7f552801f298)
    at pbx.c:4650
#19 0x00000000005f917a in dummy_start (data=<optimized out>) at utils.c:1233
#20 0x00007f5569a3fdc5 in start_thread () from /lib64/libpthread.so.0

$2 = {frametype = AST_FRAME_VOICE, subclass = {integer = 0, 
    format = 0x24bc940, frame_ending = 0}, datalen = 0, samples = 320, 
  mallocd = 1, mallocd_hdr_len = 545, offset = 64, 
  src = 0x7f554c00c7a8 "func_jitterbuffer interpolation", data = {ptr = 0x0, 
    uint32 = 0, pad = "\000\000\000\000\000\000\000"}, delivery = {
    tv_sec = 1504146592, tv_usec = 647484}, frame_list = {
    next = 0x7f5544002de0}, flags = 0, ts = 0, len = 0, seqno = 0}



> Yet another crash freeing a frame that's already been freed
> -----------------------------------------------------------
>
>                 Key: ASTERISK-27238
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27238
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/Bridging
>    Affects Versions: 14.6.0
>         Environment: Centos 7
>            Reporter: Richard Kenner
>         Attachments: valgrind.txt
>
>
> $2 = {frametype = AST_FRAME_VOICE, subclass = {integer = 0, 
>     format = 0x24bc940, frame_ending = 0}, datalen = 0, samples = 320, 
>   mallocd = 1, mallocd_hdr_len = 545, offset = 64, 
>   src = 0x7f554c00c7a8 "func_jitterbuffer interpolation", data = {ptr = 0x0, 
>     uint32 = 0, pad = "\000\000\000\000\000\000\000"}, delivery = {
>     tv_sec = 1504146592, tv_usec = 647484}, frame_list = {
>     next = 0x7f5544002de0}, flags = 0, ts = 0, len = 0, seqno = 0}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list