From d9f37a67e1ab07ae4741ec315d588a9891295d68 Mon Sep 17 00:00:00 2001 From: Jeff Peeler Date: Tue, 1 Dec 2009 21:54:21 +0000 Subject: Merged revisions 231911 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r231911 | jpeeler | 2009-12-01 15:29:31 -0600 (Tue, 01 Dec 2009) | 12 lines Fix crash with invalid frame data The crash was happening as a result of a frame containing an invalid data pointer, but was set with data length of zero. The few times the issue was reproduced it _seemed_ that the frame was queued properly, that is the data pointer was set to NULL. I never could reproduce the crash so as a last resort the crash has been fixed, but a check in __ast_read has been added to give as much information about the source of problematic frames in the future. (closes issue #16058) Reported by: atis ........ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@231927 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- main/channel.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'main') diff --git a/main/channel.c b/main/channel.c index 48eedafe7..0a727057c 100644 --- a/main/channel.c +++ b/main/channel.c @@ -3519,6 +3519,17 @@ static struct ast_frame *__ast_read(struct ast_channel *chan, int dropaudio) ast_frame_dump(chan->name, f, "<<"); chan->fin = FRAMECOUNT_INC(chan->fin); + if (f && f->datalen == 0 && f->data.ptr) { + /* fix invalid pointer */ + f->data.ptr = NULL; +#ifdef AST_DEVMODE + ast_log(LOG_ERROR, "Found frame with src '%s' on channel '%s' with datalen zero, but non-null data pointer!\n", f->src, chan->name); + ast_frame_dump(chan->name, f, "<<"); +#else + ast_debug(3, "Found frame with src '%s' on channel '%s' with datalen zero, but non-null data pointer!\n", f->src, chan->name); +#endif + } + done: if (chan->music_state && chan->generator && chan->generator->digit && f && f->frametype == AST_FRAME_DTMF_END) chan->generator->digit(chan, f->subclass.integer); -- cgit v1.2.3