Another crash with a packet:

$10 = {frametype = AST_FRAME_VOICE, subclass = {integer = 0, format = 0x12c62170, frame_ending = 0}, datalen = 0, samples = 640, mallocd = 1, mallocd_hdr_len = 324, offset = 64, src = 0x2ad290064a08 "siren14tolin32/speex", data = {ptr = 0x80893318, uint32 = 2156475160, pad = "\030\063\211\200\000\000\000"}, delivery = { tv_sec = 1492000520, tv_usec = 225198}, frame_list = {next = 0x0}, flags = 0, ts = 0, len = 0, seqno = 0}

Note that datalen is zero, but samples aren't. main/slinfactory.c near line 177 doesn't check for datalen of zero, but copies using samples. Fixed thusly:

*** slinfactory.c.orig 2017-02-13 15:00:19.000000000 -0500 --- slinfactory.c 2017-04-12 08:48:16.000000000 -0400 *************** *** 174,178 **** frame_data = frame_ptr->data.ptr; ! if (frame_ptr->samples <= ineed) { memcpy(offset, frame_data, frame_ptr->samples * sizeof(*offset)); sofar += frame_ptr->samples; --- 174,180 ---- frame_data = frame_ptr->data.ptr; ! if (frame_ptr->datalen == 0) ! ; ! else if (frame_ptr->samples <= ineed) { memcpy(offset, frame_data, frame_ptr->samples * sizeof(*offset)); sofar += frame_ptr->samples;

How many more of these cases are there going to be? Why is samples being used as a length instead of datalen?
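
Review bot: The new `if (frame_ptr->datalen == 0)` test in the 174,180 version only covers the exact-zero case, while the `memcpy` that follows still sizes the copy as `frame_ptr->samples * sizeof(*offset)`. A frame whose datalen is non-zero but smaller than that product would still be read past its payload. Consider comparing the byte count against `frame_ptr->datalen` before the copy instead of special-casing zero. The bare `;` branch would also read better as a braced block with a comment saying the empty frame is skipped on purpose, and the lines shown do not make clear whether the skipped frame is still released afterwards, which is worth confirming.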
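
The kind of check the message asks about, as an added example that is not part of the original post and not Asterisk code: the copy length is bounded by both the claimed sample count and the bytes datalen says are present. `struct demo_frame` and `demo_copy_samples` are hypothetical names, and 16-bit samples are assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a voice frame
 * (not Asterisk's struct ast_frame). */
struct demo_frame {
    int datalen;       /* bytes actually present at data */
    int samples;       /* sample count claimed by the producer */
    const void *data;  /* payload, assumed 16-bit signed linear */
};

/*
 * Copy up to `need` samples into dst without trusting either field alone:
 * the count is capped by what datalen says is backed by memory.
 * Returns the number of samples copied (0 for an empty or malformed frame).
 */
size_t demo_copy_samples(int16_t *dst, size_t need, const struct demo_frame *f)
{
    size_t backed, n;

    if (!dst || !f || !f->data || f->datalen <= 0 || f->samples <= 0)
        return 0;

    backed = (size_t)f->datalen / sizeof(int16_t); /* samples really present */
    n = (size_t)f->samples;
    if (n > backed)
        n = backed;   /* samples field overstates the payload */
    if (n > need)
        n = need;     /* never write past the caller's buffer */

    memcpy(dst, f->data, n * sizeof(int16_t));
    return n;
}

int main(void)
{
    /* Constructed input mirroring the dump above: datalen 0, samples 640. */
    const int16_t pcm[4] = {1, 2, 3, 4};
    int16_t out[8] = {0};
    struct demo_frame empty = { 0, 640, pcm };

    return demo_copy_samples(out, 8, &empty) == 0 ? 0 : 1;
}
```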