[asterisk-dev] crash chan_misdn 0.3 [asterisk 1.2 svn]

Martin Vít vit at lam.cz
Mon Mar 5 09:27:44 MST 2007 

Hello guyes. Hhope, that this is right place to discuss this.

I'm expiriencing crash in isdn_lib.c which dereferences stack pointer 
which is null (get_stack_by_bc(bc) return NULL pointer, see --- code --- 
below..)

Here is full backtrace.

#0  0xb7873e3a in misdn_lib_tx2misdn_frm (bc=0x818389c, data=0x9681e68, 
len=320) at isdn_lib.c:4016
        stack = (struct misdn_stack *) 0x0
        buf = 
"ÓÓÓÓ\200\002\022\000\000\000\000\000@\001\000\000űë\n\232â˛\222Ž.în\216\016Nžţ~\236\036\236ţN\216Ž\202:k[ó/\017ż?˙˙?żĎ\217/Ż\223ł\203Ł\233űKkŤę\núZbBr\022ŇŇŇ\222ňB\202\"\032:ĘęŤk\vKKKKKKKKťË\213ëŞjJ:::Jjë;[C\223ÓÓó\003Łűë\núÚ\"âZz:ĘjŤ\213K;{Ű[\033{űËë*\212Jú\232\032ÚÚÚ\232\032Ú\232z\232\232:J\212ę+K\233[#ă#Ű{ť\213+*j\212\nĘĘĘĘĘĘ\n*ë\213Ëť;ťK\v\213ëŤë\213"...
        frm = (iframe_t *) 0xb4935990
        r = 536870912
#1  0xb786153b in misdn_write (ast=0x8851c20, frame=0x9681df8) at 
chan_misdn.c:2313
        ch = (struct chan_list *) 0x93fe588
        __PRETTY_FUNCTION__ = "misdn_write"
#2  0x0806520b in ast_write (chan=0x8851c20, fr=0x9510388) at channel.c:2340
        res = -1
        f = (struct ast_frame *) 0x9681df8
        __PRETTY_FUNCTION__ = "ast_write"
#3  0x08068e02 in ast_channel_bridge (c0=0x86a0e08, c1=0x8851c20, 
config=0xb4937740, fo=0xb4936bf0, rc=0xb4936bf4) at channel.c:3427
        now = The value of variable 'now' is distributed across several
locations, and GDB cannot access its value.


---- code ----

int misdn_lib_tx2misdn_frm(struct misdn_bchannel *bc, void *data, int len)
{
        struct misdn_stack *stack=get_stack_by_bc(bc);

        switch (bc->bc_state) {
                case BCHAN_ACTIVATED:
                case BCHAN_BRIDGED:
                        break;
                default:
                        cb_log(3, bc->port, "BC not yet activated 
(state:%s)\n",bc_state2str(bc->bc_state));
                        return -1;
        }

        unsigned char buf[4096 + mISDN_HEADER_LEN];
        iframe_t *frm= (iframe_t*)buf;
        int  r;

        frm->prim = DL_DATA|REQUEST;
        frm->dinfo = 0;
        frm->addr = bc->addr | FLG_MSG_DOWN ;

        frm->len = len;
        memcpy(&buf[mISDN_HEADER_LEN], data,len);

        if ( misdn_cap_is_speech(bc->capability) )
                flip_buf_bits( &buf[mISDN_HEADER_LEN], len);
        else
                cb_log(6, stack->port, "Writing %d data bytes\n",len);

        cb_log(9, stack->port, "Writing %d bytes 2 mISDN\n",len);
        r=mISDN_write(stack->midev, buf, frm->len + mISDN_HEADER_LEN, 
TIMEOUT_INFINIT);
        return 0;
}
--------------------

-- 
Martin Vít
LAM plus s.r.o.
http://www.lam.cz/
Tel.: 605 267 610

More information about the asterisk-dev mailing list