[asterisk-bugs] [JIRA] (ASTERISK-27488) core: If frame with unnegotiated format is read crash will occur

Kevin Harwell (JIRA) noreply at issues.asterisk.org
Mon Apr 1 13:21:52 CDT 2019 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-27488?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Harwell updated ASTERISK-27488:
-------------------------------------

    Target Release Version/s: 16.3.0

> core: If frame with unnegotiated format is read crash will occur
> ----------------------------------------------------------------
>
>                 Key: ASTERISK-27488
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27488
>             Project: Asterisk
>          Issue Type: Bug
>          Components: Core/Streams
>    Affects Versions: 15.0.0, 15.1.0, 15.1.1, 15.1.2, 15.1.3
>         Environment: Debian 8 Jessie, Asterisk 15.1.3, Cisco SPA 122
>            Reporter: Sébastien Duthil
>            Assignee: Joshua C. Colp
>            Severity: Minor
>              Labels: fax, patch
>      Target Release: 15.2.2, 15.3.0, 16.0.0, 16.3.0
>
>         Attachments: AST-2018-001.pdf, ASTERISK-27488_testsuite.diff, c9d6bfc.diff, full.log, gdb-bt-thread1.txt, rtp.pcapng
>
>
> Given the following setup:
> Fax -> Cisco analog gateway -> SIP -> Asterisk
> Given the Cisco analog gateway is configured with Fax Passthru = NSE (sends a NSE RTP packet upon fax detection)
> Given faxes are handled with the application ReceiveFax
> When I receive a fax from the gateway (in the logs: exten 106 sends a fax to exten 945)
> Then Asterisk crashes with segfault
> Note that in the exact same environment, if I change _only_ this setting on the gateway Fax Passthru = ReINVITE (i.e. no special RTP packet is sent, but a SIP packet instead), and receive another fax then Asterisk does not crash.
> Analyzing the core dump, I see:
> {noformat}
> #1  0x080f41c7 in __ast_read (chan=0xb9cf1d4, dropaudio=0, dropnondefault=1) at channel.c:3703
> (gdb) p f->subclass.format.name              
> $3 = 0x827290e "vp8"                         
> (gdb) p f->subclass.format->codec.name       
> $4 = 0x827290e "vp8"                         
> (gdb) p f->subclass.format->codec.description
> $5 = 0x8272912 "VP8 video"                   
> (gdb) p f->frametype                         
> $6 = AST_FRAME_VIDEO                         
> (gdb) p chan->default_streams                
> $7 = {0x0, 0xb647670, 0x0, 0x0, 0x0}         
> {noformat}
> The network capture shows the NSE RTP packet at number 41.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list