[asterisk-bugs] [JIRA] (ASTERISK-27238) Yet another crash freeing a frame that's already been freed

Richard Kenner (JIRA) noreply at issues.asterisk.org
Wed Sep 6 17:37:09 CDT 2017 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-27238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=238541#comment-238541 ] 

Richard Kenner commented on ASTERISK-27238:
-------------------------------------------

I think it should be trivial to at least see it in valgrind, even if you don't see the crash.  The incoming channel was a SIP phone (Aastra) with the sln16 codec, I'll attach confbridge.conf.  The dialplan is huge, but the relevant part is under [Conferences]:

{noformat}
exten => _20Z,1,Answer(1000)                    ; Answer and delay a bit.       
 same => n,GosubIf($[x${AUTH}=x]?Authenticate,s,1([redacted])); Authenticate.         
 same => n,GosubIf($[x${CALLERID(num)}=x]?Ask-CID,s,1) ; Ask for CID if none.   
 same => n,Set(STATS_INC(conf_room)=1)          ; Count it.                     
 same => n,ConfBridge(${EXTEN},,,default_menu)  ; Enter the conference.  
{noformat}


> Yet another crash freeing a frame that's already been freed
> -----------------------------------------------------------
>
>                 Key: ASTERISK-27238
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27238
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/Bridging
>    Affects Versions: 14.6.0
>         Environment: Centos 7
>            Reporter: Richard Kenner
>            Assignee: Richard Kenner
>         Attachments: traceback.txt, valgrind.txt
>
>
> See traceback.txt traceback.  The frame being freed is below:
> {noformat}
> $2 = {frametype = AST_FRAME_VOICE, subclass = {integer = 0, 
>     format = 0x24bc940, frame_ending = 0}, datalen = 0, samples = 320, 
>   mallocd = 1, mallocd_hdr_len = 545, offset = 64, 
>   src = 0x7f554c00c7a8 "func_jitterbuffer interpolation", data = {ptr = 0x0, 
>     uint32 = 0, pad = "\000\000\000\000\000\000\000"}, delivery = {
>     tv_sec = 1504146592, tv_usec = 647484}, frame_list = {
>     next = 0x7f5544002de0}, flags = 0, ts = 0, len = 0, seqno = 0}
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list