[Asterisk-Users] chan_iax2.c problem?

Steve Kann stevek at stevek.com
Fri Jan 28 13:08:20 MST 2005




On Jan 28, 2005, at 1:25 PM, Chamberland-Larose, Guillaume wrote:

> Hi,
>
> I was messing around with FireFly last night and got asterisk to crash
> hard. It looks like the bug is a division by zero in chan_iax2.c.
> I reproduced it and here is some info I got from gdb:
>
> [Switching to Thread 245775 (LWP 23251)]
> 0x41154918 in calc_timestamp (p=0x816b710, ts=0, f=0x424eef24) at chan_iax2.c:2896
> 2896                                    int diff = ms % (f->samples / 8);
>
> (gdb) display f->samples
> 1: f->samples = 0
>
> (gdb) backtrace
> #0  0x41154918 in calc_timestamp (p=0x816b710, ts=0, f=0x424eef24) at chan_iax2.c:2896
> #1  0x41153119 in iax2_send (pvt=0x816b710, f=0x424eef24, ts=32, seqno=-1, now=0, transfer=0, final=32) at chan_iax2.c:3091
> #2  0x41166e17 in iax2_write (c=0x20, f=0x424eef24) at chan_iax2.c:3551
> #3  0x0805cd41 in ast_write (chan=0x816bd90, fr=0x424eef24) at channel.c:1634
> #4  0x080610e3 in ast_activate_generator (chan=0x816bd90, gen=0x407ca918, params=0x20) at channel.c:1554
> #5  0x407c725e in ast_moh_start (chan=0x0, class=0x20 <Address 0x20 out of bounds>) at res_musiconhold.c:598
> #6  0x41804e3d in dial_exec (chan=0x816bd90, data=0x816bd90) at app_dial.c:882
> #7  0x08074a1f in pbx_exec (c=0x816bd90, app=0x8157770, data=0x424f1b24, newstack=1) at pbx.c:469

Looks like two bugs:

1) Apparently, asterisk's MOH is trying to send a zero-length voice 
frame out, (or maybe, it put data in the frame, but set samples to 
zero?).  It could also be a different bug in MOH.

2) The line of code upon which chan_iax2 crashed, I think is one I 
wrote :).  We should check for the zero case before trying to do this 
division.

Can you file a bug on this, at the bugtracker?  (2) should obviously be 
easy to fix as you saw.  (1) I'm not sure about.

Also, I'm CC'ing Adam Hart so he knows about the issue in Firefly; he 
may want to make it more robust to this (it probably receives a 
voice frame with no data in this case, which isn't meaningful, but 
shouldn't crash things).

-SteveK




> I was calling Firefly's own extension from Firefly to test Busy() and
> Playtones(busy) with Firefly. What happened was I got a socket error in
> asterisk's console saying connection was refused from Firefly because
> it's busy then this crash.
>
> Simply setting diff = 0 if f->samples is 0 will prevent asterisk from
> crashing but Firefly will crash to desktop instead. :s
>
> Any ideas what this is all about?
>
> Guills
>
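
An added example, not part of the original messages and not Asterisk's own code: the zero check discussed in the thread, written to test the computed divisor rather than only `f->samples == 0`, because integer division makes sample counts 1 through 7 produce a zero divisor as well. `struct frame` and `frame_ms_diff` are hypothetical names, and the sample counts are constructed.

```c
#include <stdio.h>

/* Hypothetical stand-in for the frame seen in the backtrace; only the
 * field read by the crashing expression is modelled. */
struct frame {
    int samples;   /* audio samples carried by the frame */
};

/* Returns 1 and stores ms % (samples / 8) in *diff when the divisor is
 * usable; returns 0 and stores 0 otherwise. The divisor itself is tested:
 * samples 1..7 divide down to 0, and a negative count from a malformed
 * frame must not be used either. */
static int frame_ms_diff(const struct frame *f, int ms, int *diff)
{
    int frame_ms;

    *diff = 0;
    if (f == NULL)
        return 0;
    frame_ms = f->samples / 8;   /* same "/ 8" as the quoted line 2896 */
    if (frame_ms <= 0)
        return 0;                /* using it would be a divide-by-zero trap */
    *diff = ms % frame_ms;
    return 1;
}

int main(void)
{
    /* Constructed sample counts: the 0 from the gdb session plus edge cases. */
    int counts[] = { 0, 7, 8, 160, -160 };
    size_t i;

    for (i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        struct frame f = { counts[i] };
        int diff;
        int ok = frame_ms_diff(&f, 45, &diff);

        printf("samples=%4d usable=%d diff=%d\n", counts[i], ok, diff);
    }
    return 0;
}
```

The return value lets the caller tell a frame with no usable sample count apart from a genuine remainder of 0, so it can skip the adjustment or drop the frame instead of silently treating it as aligned.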



