[asterisk-dev] Weird voicemail crash

Peter Spikings peter.spikings at power.net.uk
Mon Mar 27 08:23:06 MST 2006


Hi,

I'm using 1.2.4 and am experiencing occasional crashes when people leave
voicemails. I upgraded from 1.0.7 3 weeks ago and it crashed for the
first time last week so I let it dump the core for next time (which has
just happened). Here's the stack trace:

#0  0x00b077a2 in ?? () from /lib/ld-linux.so.2
#1  0x00b47955 in raise () from /lib/tls/libc.so.6
#2  0x00b49319 in abort () from /lib/tls/libc.so.6
#3  0x00b7af8a in __fsetlocking () from /lib/tls/libc.so.6
#4  0x00b814f8 in malloc_trim () from /lib/tls/libc.so.6
#5  0x00b81aca in free () from /lib/tls/libc.so.6
#6  0x0041466e in vm_execmain (chan=0xb7b0df60, data=0x3f) at app_voicemail.c:5465
#7  0x0809073d in pbx_extension_helper (c=0xb7b0df60, con=0x0, context=0xb7b0e0b0 "international", exten=0xb7b0e1a4 "500", priority=3, label=0x0, callerid=0xb74a00b0 "224 at pnetmk", action=0) at pbx.c:544
#8  0x08091a06 in __ast_pbx_run (c=0xb7b0df60) at pbx.c:2218
#9  0x0809346c in pbx_thread (data=0x0) at pbx.c:2505
#10 0x00c8d3ae in __pthread_initialize_minimal () from /lib/tls/libpthread.so.0
#11 0x00be6aee in clone () from /lib/tls/libc.so.6

app_voicemail.c line 5465 is the middle line of the below:

        if (vmu)
                free_user(vmu);
        if (vms.deleted)
                free(vms.deleted);
        if (vms.heard)
                free(vms.heard);
        LOCAL_USER_REMOVE(u);

I've examined vms.deleted and it seems like it's fine - it points to an
array of 100 ints which are all zero so it's not a corrupt pointer. I
guess the most likely explanation is a double free? Probably won't help
but I noticed that vms.deleted[100] (vmu->maxmsg was 100) is also zero.

If you need any additional information let me know,

Thanks,

Peter Spikings.
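
Added example, not part of the original post and not Asterisk code: a guarded allocation for an int array such as vms.deleted that reports a write at index [maxmsg] or a second free before free() itself is reached. The helper names, the sentinel value and the off-by-one loop are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define GUARD_WORD 0x5AFEC0DE /* constructed sentinel value */

enum guard_status { GUARD_OK, GUARD_OVERRUN, GUARD_ALREADY_FREED };

/* Allocate n zeroed ints plus one trailing sentinel slot at index n. */
static int *guarded_alloc(size_t n)
{
    int *p = calloc(n + 1, sizeof(*p));
    if (p)
        p[n] = GUARD_WORD;
    return p;
}

/* Check the sentinel, free the array and clear the caller's pointer, so an
 * overrun and a repeated free are reported instead of reaching free(). */
static enum guard_status guarded_free(int **pp, size_t n)
{
    enum guard_status st;
    if (*pp == NULL)
        return GUARD_ALREADY_FREED;
    st = ((*pp)[n] == GUARD_WORD) ? GUARD_OK : GUARD_OVERRUN;
    free(*pp);
    *pp = NULL;
    return st;
}

/* Clear the flags of maxmsg messages; inclusive=1 models an off-by-one loop
 * bound (i <= maxmsg). Returns the first and second guarded_free() results. */
static void run_case(size_t maxmsg, int inclusive, enum guard_status out[2])
{
    int *deleted = guarded_alloc(maxmsg);
    size_t last = inclusive ? maxmsg + 1 : maxmsg;
    for (size_t i = 0; deleted && i < last; i++)
        deleted[i] = 0;
    out[0] = guarded_free(&deleted, maxmsg);
    out[1] = guarded_free(&deleted, maxmsg); /* deliberate second free */
}

int main(void)
{
    enum guard_status ok[2], bad[2];
    run_case(100, 0, ok);
    run_case(100, 1, bad);
    printf("correct bound: %d, then %d\n", ok[0], ok[1]);
    printf("inclusive bound: %d, then %d\n", bad[0], bad[1]);
    return 0;
}
```

In the guarded layout a zero at index [maxmsg] means the sentinel was overwritten; in an unguarded array of exactly maxmsg ints that index lies outside the allocation.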