[asterisk-dev] chan_iax problem (was Re: Thoughts on Asterisk release management

[Luigi Rizzo]

The crash that I and others were seeing in in chan_iax happens
early in the load process, presumably while loading the config file.
The stack trace is this one:

#0  user_hash_cb (obj=0xbfbfef3c, flags=8) at /usr/ports/net/asterisk-test/work/asterisk-devel-1.4/include/asterisk/strings.h
:677
#1  0x806f060 in ao2_callback (c=0x83dc014, flags=OBJ_POINTER, cb_fn=0x287021cc <user_cmp_cb>, arg=0xbfbfef3c) at astobj2.c:4
30
#2  0x806f7dc in ao2_find (c=0x83dc014, arg=0xbfbfef3c, flags=OBJ_POINTER) at astobj2.c:502
#3  0x286fbdfd in build_user (name=0x842f880 "guest", v=0x842f900, alt=0x0, temponly=0) at chan_iax2.c:9684
#4  0x286fef0b in set_config (config_file=0x2870ef3b "iax.conf", reload=0) at chan_iax2.c:10344
#5  0x2870125b in load_module () at chan_iax2.c:11310
#6  0x80a596b in load_resource (resource_name=0x82269c0 "chan_iax2.so", global_symbols_only=0) at loader.c:662
#7  0x80a5f53 in load_modules (preload_only=0) at loader.c:854
#8  0x806dc12 in main (argc=3, argv=0xbfbff6f4) at asterisk.c:2973

and the culprit is a NULL argument passed to strings.h::ast_str_hash()

    static force_inline int ast_str_hash(const char *str)
    {
        int hash = 5381;

        while (*str)
                hash = hash * 33 ^ *str++;
  
        return abs(hash);
    }
   
HOWEVER, the problem lies elsewhere, in this initialization in
chan_iax2.c::build_user() near line 9679:

        struct iax2_user tmp_user = {
                .name = name,
        };

(there are several other instances like this).

The field "name" is an AST_STRING_FIELD, and for some
reason, at least with my compiler (gcc 2.95 on FreeBSD 4.11)
the initialization leaves it to NULL instead of setting the
correct value.

Why that happens, i have no idea; however it
is really something that we should figure out because it is critical.
Patching ast_str_hash() to handle the NULL argument will prevent
the crash but not fix the problem.

	cheers
	luigi