[asterisk-bugs] [JIRA] (ASTERISK-29539) Segmentation fault at ast_writestream() when write handler not defined (happens with OGG/Speex)
Friendly Automation (JIRA)
noreply at issues.asterisk.org
Fri Aug 6 07:53:33 CDT 2021
[ https://issues.asterisk.org/jira/browse/ASTERISK-29539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=255790#comment-255790 ]
Friendly Automation commented on ASTERISK-29539:
------------------------------------------------
Change 16260 merged by George Joseph:
format_ogg_speex: Implement a "not supported" write handler
[https://gerrit.asterisk.org/c/asterisk/+/16260|https://gerrit.asterisk.org/c/asterisk/+/16260]
> Segmentation fault at ast_writestream() when write handler not defined (happens with OGG/Speex)
> -----------------------------------------------------------------------------------------------
>
> Key: ASTERISK-29539
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-29539
> Project: Asterisk
> Issue Type: Bug
> Components: Formats/General, Resources/res_convert
> Affects Versions: 16.19.1, 17.9.4, 18.5.1
> Environment: Tested only using Linux, but can be reproduced at any platform.
> Reporter: Ernani José Camargo Azevedo
> Assignee: Kevin Harwell
> Labels: security
>
> Asterisk "file convert" resource can cause a segmentation fault when the output file format format didn't support seeking. This occurs on OGG/Speex format.
> It's simple to reproduce this bug. You need to have any audio file at sound directory (I'm using "audio.wav" file) and issue a *file convert audio.wav audio.spx* at Asterisk console, or using any other way to execute this console command (through AMI, shell using "-x", etc).
> Due to OGG/Speex doesn't support seeking, it issues a warning, and after that the daemon crashes.
> Using gdb, we got this backtrace:
> {noformat}
> *CLI> file convert audio.wav audio.spx
> [Aug 2 12:33:50] WARNING[6821]: format_ogg_speex.c:266 ogg_speex_seek: Seeking is not supported on OGG/Speex streams!
> Program received signal SIGSEGV, Segmentation fault.
> 0x0000000000000000 in ?? ()
> (gdb) bt
> #0 0x0000000000000000 in ?? ()
> #1 0x00000000004d300f in ast_writestream (fs=fs at entry=0x255f480, f=f at entry=0x246ce40) at file.c:257
> #2 0x00007fffb7d4fe93 in handle_cli_file_convert (e=<optimized out>, cmd=<optimized out>, a=0x7fffffffbfb0) at res_convert.c:118
> #3 0x00000000004ad2f9 in ast_cli_command_full (uid=uid at entry=-1, gid=gid at entry=-1, fd=fd at entry=1, s=s at entry=0x255eb00 "file convert x/welcome.wav x/welcome.spx") at cli.c:2986
> #4 0x000000000043a2d4 in consolehandler (s=0x255eb00 "file convert x/welcome.wav x/welcome.spx") at asterisk.c:2259
> #5 asterisk_daemon (isroot=<optimized out>, rungroup=0x0, runuser=0x0) at asterisk.c:4240
> #6 main (argc=<optimized out>, argv=<optimized out>) at asterisk.c:3927
> (gdb) frame 1
> #1 0x00000000004d300f in ast_writestream (fs=fs at entry=0x255f480, f=f at entry=0x246ce40) at file.c:257
> 257 if ((res = fs->fmt->write(fs, trf))) {
> (gdb) frame 2
> #2 0x00007fffb7d4fe93 in handle_cli_file_convert (e=<optimized out>, cmd=<optimized out>, a=0x7fffffffbfb0) at res_convert.c:118
> 118 if (ast_writestream(fs_out, f)) {
> {noformat}
> The only format I found that can cause this bug is the OGG/Speex (formats spx, spx16 and spx32). Any other file format will convert successfully.
> Note that other file fomats that didn't support seeking issue the warning but didn't crashes the server. For example, the OGG/Vorbis format:
> {noformat}
> *CLI> file convert audio.wav audio.ogg
> Converted audio.wav to audio.ogg in 7ms
> [Aug 2 12:40:20] WARNING[7045]: format_ogg_vorbis.c:384 ogg_vorbis_seek: Seeking is not supported on OGG/Vorbis streams in writing mode!
> {noformat}
> The above command converted the file and wrote a valid audio.ogg file.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list