[asterisk-bugs] [JIRA] (ASTERISK-29539) Segmentation fault at ast_writestream() when write handler not defined (happens with OGG/Speex)
Kevin Harwell (JIRA)
noreply at issues.asterisk.org
Tue Aug 3 15:49:33 CDT 2021
[ https://issues.asterisk.org/jira/browse/ASTERISK-29539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=255770#comment-255770 ]
Kevin Harwell commented on ASTERISK-29539:
------------------------------------------
Thanks for testing the patch out!
This patch will not go into Asterisk 17. Asterisk 17 no longer receives bug fixes (currently security fixes only), and will reach "end of life" this Oct. [1].
Seems like you were just testing things out, but wanted to mention it just in case you are actually running that version.
[1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
> Segmentation fault at ast_writestream() when write handler not defined (happens with OGG/Speex)
> -----------------------------------------------------------------------------------------------
>
> Key: ASTERISK-29539
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-29539
> Project: Asterisk
> Issue Type: Bug
> Components: Formats/General, Resources/res_convert
> Affects Versions: 16.19.1, 17.9.4, 18.5.1
> Environment: Tested only using Linux, but can be reproduced at any platform.
> Reporter: Ernani José Camargo Azevedo
> Assignee: Kevin Harwell
> Labels: security
>
> Asterisk "file convert" resource can cause a segmentation fault when the output file format format didn't support seeking. This occurs on OGG/Speex format.
> It's simple to reproduce this bug. You need to have any audio file at sound directory (I'm using "audio.wav" file) and issue a *file convert audio.wav audio.spx* at Asterisk console, or using any other way to execute this console command (through AMI, shell using "-x", etc).
> Due to OGG/Speex doesn't support seeking, it issues a warning, and after that the daemon crashes.
> Using gdb, we got this backtrace:
> {noformat}
> *CLI> file convert audio.wav audio.spx
> [Aug 2 12:33:50] WARNING[6821]: format_ogg_speex.c:266 ogg_speex_seek: Seeking is not supported on OGG/Speex streams!
> Program received signal SIGSEGV, Segmentation fault.
> 0x0000000000000000 in ?? ()
> (gdb) bt
> #0 0x0000000000000000 in ?? ()
> #1 0x00000000004d300f in ast_writestream (fs=fs at entry=0x255f480, f=f at entry=0x246ce40) at file.c:257
> #2 0x00007fffb7d4fe93 in handle_cli_file_convert (e=<optimized out>, cmd=<optimized out>, a=0x7fffffffbfb0) at res_convert.c:118
> #3 0x00000000004ad2f9 in ast_cli_command_full (uid=uid at entry=-1, gid=gid at entry=-1, fd=fd at entry=1, s=s at entry=0x255eb00 "file convert x/welcome.wav x/welcome.spx") at cli.c:2986
> #4 0x000000000043a2d4 in consolehandler (s=0x255eb00 "file convert x/welcome.wav x/welcome.spx") at asterisk.c:2259
> #5 asterisk_daemon (isroot=<optimized out>, rungroup=0x0, runuser=0x0) at asterisk.c:4240
> #6 main (argc=<optimized out>, argv=<optimized out>) at asterisk.c:3927
> (gdb) frame 1
> #1 0x00000000004d300f in ast_writestream (fs=fs at entry=0x255f480, f=f at entry=0x246ce40) at file.c:257
> 257 if ((res = fs->fmt->write(fs, trf))) {
> (gdb) frame 2
> #2 0x00007fffb7d4fe93 in handle_cli_file_convert (e=<optimized out>, cmd=<optimized out>, a=0x7fffffffbfb0) at res_convert.c:118
> 118 if (ast_writestream(fs_out, f)) {
> {noformat}
> The only format I found that can cause this bug is the OGG/Speex (formats spx, spx16 and spx32). Any other file format will convert successfully.
> Note that other file fomats that didn't support seeking issue the warning but didn't crashes the server. For example, the OGG/Vorbis format:
> {noformat}
> *CLI> file convert audio.wav audio.ogg
> Converted audio.wav to audio.ogg in 7ms
> [Aug 2 12:40:20] WARNING[7045]: format_ogg_vorbis.c:384 ogg_vorbis_seek: Seeking is not supported on OGG/Vorbis streams in writing mode!
> {noformat}
> The above command converted the file and wrote a valid audio.ogg file.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list