[asterisk-bugs] [JIRA] (ASTERISK-28810) Segmentation fault in ast_manager_build_channel_state_string_prefix

Robert Sutton (JIRA) noreply at issues.asterisk.org
Mon Apr 6 19:40:25 CDT 2020 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-28810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=250142#comment-250142 ] 

Robert Sutton edited comment on ASTERISK-28810 at 4/6/20 7:39 PM:
------------------------------------------------------------------

Util I can attach the patch here it is as a comment...

diff --git a/main/manager_channels.c b/main/manager_channels.c
index c964033..a50c4f4 100644
--- a/main/manager_channels.c
+++ b/main/manager_channels.c
@@ -493,6 +493,12 @@ struct ast_str *ast_manager_build_channel_state_string_prefix(
        char *connected_name;
        int res;
 
+       if (!snapshot)
+       {
+               ast_log(AST_LOG_WARNING, "Call to ast_manager_build_channel_state_string_prefix with NULL snapshot!\n");
+               return NULL;
+       }
+
        if (snapshot->tech_properties & AST_CHAN_TP_INTERNAL) {
                return NULL;
        }



was (Author: rsutton at noojee.com.au):
Util I can attach the path here it is as a comment...

diff --git a/main/manager_channels.c b/main/manager_channels.c
index c964033..a50c4f4 100644
--- a/main/manager_channels.c
+++ b/main/manager_channels.c
@@ -493,6 +493,12 @@ struct ast_str *ast_manager_build_channel_state_string_prefix(
        char *connected_name;
        int res;
 
+       if (!snapshot)
+       {
+               ast_log(AST_LOG_WARNING, "Call to ast_manager_build_channel_state_string_prefix with NULL snapshot!\n");
+               return NULL;
+       }
+
        if (snapshot->tech_properties & AST_CHAN_TP_INTERNAL) {
                return NULL;
        }


> Segmentation fault in ast_manager_build_channel_state_string_prefix
> -------------------------------------------------------------------
>
>                 Key: ASTERISK-28810
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28810
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/Channels
>    Affects Versions: 16.9.0
>         Environment: docker ubuntu 18.04
>            Reporter: Robert Sutton
>         Attachments: patch.txt
>
>
> We are having daily core dumps.
> ast_manager_build_channel_state_string_prefix was passed a null snapshot, upon looking around the code base there are many paths where it is called with out first checking.
> This problem will keep happening if it is reliant on callers of this method to first check the arg. The simple solution is to do a null check on the snapshot in ast_manager_build_channel_state_string_prefix and return NULL.
> I will attach a patch shortly.
> #0  ast_manager_build_channel_state_string_prefix (snapshot=0x0, prefix=0x62f514 "") at manager_channels.c:496
>         out = <error reading variable out (Cannot access memory at address 0x7f794f496cd0)>
>         caller_name = <optimized out>
>         connected_name = <optimized out>
>         res = <optimized out>
>         __PRETTY_FUNCTION__ = "ast_manager_build_channel_state_string_prefix"



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list