[asterisk-bugs] [JIRA] (ASTERISK-27238) Yet another crash freeing a frame that's already been freed
Richard Kenner (JIRA)
noreply at issues.asterisk.org
Mon Sep 18 18:36:08 CDT 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-27238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=238741#comment-238741 ]
Richard Kenner commented on ASTERISK-27238:
-------------------------------------------
I am running with some patches that we put in for the previous version of Asterisk to deal with issues with the Siren14 codec. I believe these were fixed other ways, but the patches seem safe, though probably unnecessary with the official fix in. Here they are, for the record:
{noformat}
*** ./main/frame.c.orig 2017-02-13 15:00:19.000000000 -0500
--- ./main/frame.c 2017-03-22 17:08:32.000000000 -0400
***************
*** 674,678 ****
}
! if (!adjustment) {
return 0;
}
--- 674,678 ----
}
! if (!adjustment || !fdata) {
return 0;
}
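Review bot: The new `!fdata` test at line 676 returns 0, the same value as the no-adjustment path, so a caller cannot tell "nothing to adjust" from "frame had no data buffer". Please add a comment saying which frames are expected to arrive here with a NULL data pointer (the frame dump in this issue shows data.ptr = 0x0 with datalen = 0 and samples = 320), and consider whether a zero datalen should be rejected here as well, as the slinfactory.c change does.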
*** main/slinfactory.c.orig 2017-02-13 15:00:19.000000000 -0500
--- main/slinfactory.c 2017-04-12 09:37:18.000000000 -0400
***************
*** 88,92 ****
* set to either 160 or 240.
*/
! if (!f->data.ptr) {
return 0;
}
--- 88,92 ----
* set to either 160 or 240.
*/
! if (!f->data.ptr || !f->datalen) {
return 0;
}
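Review bot: The comment directly above the changed test still only talks about the sample count being "set to either 160 or 240" and says nothing about the new `!f->datalen` condition, so the reason for silently returning 0 on a zero-length frame is undocumented. A one-line comment noting that frames can arrive with samples set but no payload would make the intent clear and keep the check from being removed later as redundant.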
***************
*** 174,178 ****
frame_data = frame_ptr->data.ptr;
! if (frame_ptr->samples <= ineed) {
memcpy(offset, frame_data, frame_ptr->samples *
sizeof(*offset));
sofar += frame_ptr->samples;
--- 174,180 ----
frame_data = frame_ptr->data.ptr;
! if (frame_ptr->datalen == 0)
! ;
! else if (frame_ptr->samples <= ineed) {
memcpy(offset, frame_data, frame_ptr->samples *
sizeof(*offset));
sofar += frame_ptr->samples;
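Review bot: The `if (frame_ptr->datalen == 0) ;` form at lines 176-177 uses an empty statement as the branch body, which is easy to misread and does not match the braced style of the surrounding code; folding it into the condition, for example `if (frame_ptr->datalen && frame_ptr->samples <= ineed) {` with a matching guard on the else path, would be clearer. The check also tests only datalen, while the memcpy reads from frame_data and sizes the copy from samples, so a NULL frame_data or a samples count larger than datalen allows is still not caught here; testing frame_data as well would match the `!f->data.ptr || !f->datalen` test added earlier in this file.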
{noformat}
> Yet another crash freeing a frame that's already been freed
> -----------------------------------------------------------
>
> Key: ASTERISK-27238
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-27238
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Core/Bridging
> Affects Versions: 14.6.0
> Environment: Centos 7
> Reporter: Richard Kenner
> Assignee: Unassigned
> Attachments: confbridge.conf, traceback.txt, valgrind.txt
>
>
> See traceback.txt traceback. The frame being freed is below:
> {noformat}
> $2 = {frametype = AST_FRAME_VOICE, subclass = {integer = 0,
> format = 0x24bc940, frame_ending = 0}, datalen = 0, samples = 320,
> mallocd = 1, mallocd_hdr_len = 545, offset = 64,
> src = 0x7f554c00c7a8 "func_jitterbuffer interpolation", data = {ptr = 0x0,
> uint32 = 0, pad = "\000\000\000\000\000\000\000"}, delivery = {
> tv_sec = 1504146592, tv_usec = 647484}, frame_list = {
> next = 0x7f5544002de0}, flags = 0, ts = 0, len = 0, seqno = 0}
> {noformat}