[Asterisk-video] Asterisk crash when using amr (app_h324m.so)

Francesco Emmi francesco.emmi at a-tono.com
Tue Jul 3 10:32:40 CDT 2007


Hi Thomas,

This is the bt I've obtained:

#0  0x005e6276 in _int_free () from /lib/tls/libc.so.6
#1  0x005e6aca in free () from /lib/tls/libc.so.6
#2  0x008be5a1 in operator delete () from /usr/lib/libstdc++.so.6
#3  0x05efa33c in MP4RtpHintTrack::ReadHint (this=0x6ab800, hintSampleId=2, pNumPackets=0xb7859de8) at rtphint.cpp:126
#4  0x05edd204 in MP4File::ReadRtpHint (this=0x8bce428, hintTrackId=2, hintSampleId=2, pNumPackets=0xb7859de8) at mp4file.cpp:2821
#5  0x05ecf18f in MP4ReadRtpHint (hFile=0x8bce428, hintTrackId=2, hintSampleId=2, pNumPackets=0xb7859de8) at mp4.cpp:2710
#6  0x004ec227 in mp4_rtp_read (p=0xb7859dd0) at app_mp4.c:200

It seems that the problem is with MP4ReadRtpHint (from the mp4 library), which
makes Asterisk crash on a double free operation.

I extracted the h263 and amr media from your mp4 file and hinted them again in
a new mp4 file, and this time everything worked fine (video has a very
good quality). This makes me think that the problem could be in how the media
are hinted in the mp4 file.

Could you please give me a more detailed description of how you
created your file? How did you hint the media in it?

Greetings
Francesco

Francesco Emmi wrote:
> Thomas Frieling wrote:
>> I did some debugging today:
>>
>> When I comment out the TIFFReverseBits call, asterisk just crashes with another backtrace:
>> #0  0xb7c99a15 in memcpy () from /lib/i686/cmov/libc.so.6
>> #1  0xb78c5bdc in Frame (this=0x817e0c0, t=e_Audio, c=e_AMR, d=0xb573d882 "|¥cK`\2249:S3|ø&l¬\030", l=4294967295) at Media.cpp:33
>> #2  0xb78c531d in FrameCreate () from /usr/local/lib/libh324m.so
>> #3  0xb7a97a7b in app_h324m_gw (chan=0x8207618, data=0xb595ff28) at app_h324m.c:303
>> [...]
>>
>> After that I created a new video using the realnetworks helix mobile producer. This video works fine and actually does not crash asterisk.
>> The videos that crash asterisk were generated by ffmpeg or recorded by mp4save.
>>
>> So my guess is that whenever a video frame does not have the expected format something bad happens.
>> Speaking in java terms, TIFFReverseBits for example could throw an ArrayOutOfBoundsException.
>>
>> In my opinion it is absolutely essential to check every frame's format before performing unchecked and dangerous operations on it. Although I am not able to apply those changes myself, I plan on helping the project by testing the code and maybe donating some time in the future.
>>
>> So far,
>> Thomas
>>
>>
>> -----Original Message-----
>> From: asterisk-video-bounces at lists.digium.com on behalf of Thomas Frieling
>> Sent: Thu 28.06.2007 18:03
>> To: Development discussion of video media support in Asterisk
>> Subject: AW: [Asterisk-video] Asterisk crash when using amr (app_h324m.so)
>>  
>> Hi!
>>
>> Sorry for flooding the mailing list today, but I really have to get this working.
>> I now have a different backtrace. It reminds me of the changes I had to apply to h324m.cpp to get mISDN working. Could this be the problem? If there is a chance I'd go right now and buy a different card. Which should I take for BRI-ISDN? 
>>
>> Here is the new bt:
>>
>> (gdb) bt full
>> #0  0xb78b317b in TIFFReverseBits () from /usr/local/lib/libh324m.so
>> No symbol table info available.
>> #1  0xb7a855c2 in create_h324m_frame (pak=0xb5b8fe20, f=<value optimized out>) at app_h324m.c:284
>> 	mode = 12 '\f'
>> 	i = <value optimized out>
>> #2  0xb7a86052 in app_h324m_gw (chan=0x82063e0, data=0xb5b93f28) at app_h324m.c:536
>> 	f = (struct ast_frame *) 0xb591cd80
>> 	send = <value optimized out>
>> 	u = (struct ast_module_user *) 0x8204d60
>> 	pak = {framedata = 0xb591ce00 "ddç¥ÆÒ\006)\234\\ÊÌ>\037d65\030", offset = 0xb591ce02 "ç¥ÆÒ\006)\234\\ÊÌ>\037d65\030", framelength = 31, num = 1, max = 1}
>> 	vtr = {tr = 0 '\0', samples = 0}
>> 	frame = (void *) 0x1
>> 	input = <value optimized out>
>> 	reason = 0
>> 	ms = -1
>> 	channels = {0x82063e0, 0x8209850}
>> 	pseudo = (struct ast_channel *) 0x8209850
>> 	where = (struct ast_channel *) 0x1
>> 	id = (void *) 0x820ae40
>> 	__PRETTY_FUNCTION__ = "app_h324m_gw"
>> #3  0x080c7413 in pbx_extension_helper (c=0x82063e0, con=0x0, context=0x8206560 "test", exten=0x82065b0 "play", priority=1, label=0x0, callerid=0x8204c80 "001736490184", action=E_SPAWN) at pbx.c:532
>> 	e = (struct ast_exten *) 0x81ab3e0
>> 	app = (struct ast_app *) 0x8191698
>> 	res = <value optimized out>
>> 	q = {incstack = {0x0 <repeats 128 times>}, stacklen = 0, status = 5, swo = 0x0, data = 0x0, foundcontext = 0x8206560 "test"}
>> 	passdata = "play at video", '\0' <repeats 8181 times>
>> 	matching_action = 0
>> 	__PRETTY_FUNCTION__ = "pbx_extension_helper"
>> #4  0x080c90f6 in __ast_pbx_run (c=0x82063e0) at pbx.c:2288 [...]
>> #5  0x080ca08e in pbx_thread (data=0x82063e0) at pbx.c:2601 [...]
>> #6  0x080f5c0b in dummy_start (data=0x817aab0) at utils.c:545 [...]
>> #7  0xb7ed231b in start_thread () from /lib/i686/cmov/libpthread.so.0 [...]
>> #8  0xb7ce88ee in clone () from /lib/i686/cmov/libc.so.6 [...]
>>
>>
>>
>>
>>
>> -----Original Message-----
>> From: asterisk-video-bounces at lists.digium.com on behalf of Patrick
>> Sent: Thu 28.06.2007 13:06
>> To: Development discussion of video media support in Asterisk
>> Subject: Re: [Asterisk-video] Asterisk crash when using amr (app_h324m.so)
>>  
>> Hi Thomas,
>>
>> On Thu, 2007-06-28 at 11:49 +0200, Thomas Frieling wrote:
>>> Hi Sergio!
>>>
>>> I tried to recompile libh324m with those flags by adding ${CFLAGS} to
>>> the Makefile. I am not sure though if this is the way to do it...
>>> Anyway gdb doesn't say anything else than it did before. Maybe I am
>>> not using gdb correctly?
>>>
>>> -------- Makefile now looks like this: -------------
>>> CFLAGS=-g -O0
>> Perhaps try:
>> CFLAGS=-g3 -pg -O0
>>
>> I saw these settings in the Makefile of another app so I'm just
>> guessing here. During compilation you should see these settings in the
>> output so keep an eye on that. And you probably don't want to strip the
>> binaries (if you were even doing that at all).
>>
>> Regards,
>> Patrick
>>
>>
>> _______________________________________________
>> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>>
>> asterisk-video mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-video
> Hi Thomas,
> 
> Would I be able to have one of your mp4 files that makes Asterisk crash?
> I'm trying to reproduce your problem but without success.
> 
> Thanks in advance
> Francesco
> 


-- 
____________________________________________
Francesco Emmi
A-Tono
Largo Paisiello 5 - 95124 Catania
Tel.: (+39) 095 7365312
http: www.a-tono.com

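
The frame-format check argued for in the quoted message, sketched as an added example (not code from this thread, libh324m or app_h324m). It assumes one AMR-NB frame in storage format (one header octet followed by the payload); the function name and the constructed sample frame are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Payload bytes per AMR-NB frame type (3GPP TS 26.101 frame sizes);
 * -1 marks FT 9..14, which this check rejects. */
static const int amr_nb_payload[16] = {
    12, 13, 15, 17, 19, 20, 26, 31,   /* FT 0..7: 4.75 .. 12.2 kbit/s */
    5,                                /* FT 8: SID (comfort noise)    */
    -1, -1, -1, -1, -1, -1,           /* FT 9..14: rejected           */
    0                                 /* FT 15: NO_DATA               */
};

/* Hypothetical helper: validate one storage-format AMR frame and copy
 * its payload into dst. Returns the payload length, or -1 if rejected. */
int amr_checked_copy(uint8_t *dst, size_t dst_cap,
                     const uint8_t *src, size_t src_len)
{
    if (dst == NULL || src == NULL || src_len < 1)
        return -1;                    /* no header octet to parse */

    int ft = (src[0] >> 3) & 0x0F;    /* frame type field of the header */
    int need = amr_nb_payload[ft];
    if (need < 0)
        return -1;                    /* frame type not accepted */

    /* Every length is checked before the copy, so a negative or wrapped
     * value (like the l=4294967295 in the quoted backtrace) never
     * reaches memcpy(). src_len >= 1 was established above. */
    if (src_len - 1 < (size_t)need || dst_cap < (size_t)need)
        return -1;

    memcpy(dst, src + 1, (size_t)need);
    return need;
}

int main(void)
{
    uint8_t frame[32] = { 0x3C, 0xAA };   /* constructed: FT 7 header + payload */
    uint8_t out[31];
    printf("full frame: %d, truncated: %d\n",
           amr_checked_copy(out, sizeof out, frame, sizeof frame),
           amr_checked_copy(out, sizeof out, frame, 10));
    return 0;
}
```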


