Re: [Asterisk-Dev] app_meetme crash
Bug posted with patch at:
http://bugs.digium.com/bug_view_page.php?bug_id=0001773
ROb
- Original Message -
From: "Jared Mauch" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 02, 2004 4:29 PM
Subject: [Asterisk-Dev] app_meetme crash
>
> See the patch, this will prevent it from coring, but could lead
> to other issues.
>
> - Jared
>
> #0 0x003d2c1e in conf_run (chan=0x88aa400, conf=0x86ee8d8, confflags=536)
> at app_meetme.c:942
> 942 user->prevuser->nextuser =
user->nextuser;
> (gdb) print *user
> $1 = {user_no = 1, prevuser = 0x0, nextuser = 0x88beba8, userflags = 536,
> adminflags = 0, chan = 0x88aa400,
> usrvalue = "test", '\0' , jointime = 2586960}
> (gdb) print *user->prevuser
> Cannot access memory at address 0x0
> (gdb) print *user->nextuser
> $2 = {user_no = 2, prevuser = 0x0, nextuser = 0x8694058, userflags = 536,
> adminflags = 0, chan = 0x8878370,
> usrvalue = "test", '\0' , jointime = 2586960}
> (gdb) print user->nextuser->prevuser
> $3 = (struct ast_conf_user *) 0x0
> (gdb) print user->prevuser
> $4 = (struct ast_conf_user *) 0x0
> (gdb) print user->nextuser
> $5 = (struct ast_conf_user *) 0x88beba8
> (gdb) print user->prevuser
> $6 = (struct ast_conf_user *) 0x0
>
> diff -u -r1.35 app_meetme.c
> --- app_meetme.c1 Jun 2004 22:54:18 - 1.35
> +++ app_meetme.c2 Jun 2004 21:27:24 -
> @@ -939,7 +939,9 @@
> cur->lastuser = cur->lastuser->prevuser;
> } else {
> user->nextuser->prevuser = user->prevuser;
> - user->prevuser->nextuser = user->nextuser;
> + if (user->prevuser != NULL) {
> + user->prevuser->nextuser =
user->nextuser;
> + }
> }
> /* Return the number of seconds the user was in
the conf */
> sprintf(meetmesecs, "%i", (int) (user->jointime -
time(NULL)));
>
> --
> Jared Mauch | pgp key available via finger from [EMAIL PROTECTED]
> clue++; | http://puck.nether.net/~jared/ My statements are only
mine.
> ___
> Asterisk-Dev mailing list
> [EMAIL PROTECTED]
> http://lists.digium.com/mailman/listinfo/asterisk-dev
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-dev
___
Asterisk-Dev mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-dev
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [Asterisk-Dev] app_meetme crash
Here's a patch to fix the logical bug:
Is there something open on bugs.digium.com??
(sorry for the small amount of re-format changes, but I had to align the { }
sets to see the logic better)
Rob
Index: app_meetme.c
===
RCS file: /usr/cvsroot/asterisk/apps/app_meetme.c,v
retrieving revision 1.36
diff -u -p -r1.36 app_meetme.c
--- app_meetme.c2 Jun 2004 16:57:14 - 1.36
+++ app_meetme.c2 Jun 2004 22:57:50 -
@@ -918,7 +918,7 @@ zapretry:
outrun:
if (user->user_no) { /* Only cleanup users who really joined! */
- manager_event(EVENT_FLAG_CALL, "MeetmeLeave",
+ manager_event(EVENT_FLAG_CALL, "MeetmeLeave",
"Channel: %s\r\n"
"Uniqueid: %s\r\n"
"Meetme: %s\r\n",
@@ -926,34 +926,34 @@ outrun:
ast_mutex_lock(&conflock);
conf->users--;
cur = confs;
- if (!conf->users) {
- /* No more users -- close this one out */
- while(cur) {
- if (cur == conf) {
- if (prev)
- prev->next = conf->next;
- else
- confs = conf->next;
- break;
+ if (!conf->users) {
+ /* No more users -- close this one out */
+ while(cur) {
+ if (cur == conf) {
+ if (prev)
+ prev->next = conf->next;
+ else
+ confs = conf->next;
+ break;
+ }
+ prev = cur;
+ cur = cur->next;
}
- prev = cur;
- cur = cur->next;
- }
- if (!cur)
- ast_log(LOG_WARNING, "Conference not found\n");
- if (conf->chan)
- ast_hangup(conf->chan);
- else
- close(conf->fd);
- free(conf);
+ if (!cur)
+ ast_log(LOG_WARNING, "Conference not
found\n");
+ if (conf->chan)
+ ast_hangup(conf->chan);
+ else
+ close(conf->fd);
+ free(conf);
} else {
/* Remove the user struct */
- if (user == cur->firstuser) {
- cur->firstuser->nextuser->prevuser = NULL;
- cur->firstuser = cur->firstuser->nextuser;
- } else if (user == cur->lastuser){
- cur->lastuser->prevuser->nextuser = NULL;
- cur->lastuser = cur->lastuser->prevuser;
+ if (user == conf->firstuser) {
+ user->nextuser->prevuser = NULL;
+ conf->firstuser = user->nextuser;
+ } else if (user == conf->lastuser){
+ user->prevuser->nextuser = NULL;
+ conf->lastuser = user->prevuser;
} else {
user->nextuser->prevuser = user->prevuser;
user->prevuser->nextuser = user->nextuser;
- Original Message -
From: "Fabian Stelzer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 02, 2004 5:24 PM
Subject: Re: [Asterisk-Dev] app_meetme crash
> Yeah the "if" is normally not needed!
> can you provide more information about the situation of the crash? (how
many
> users where in, who left or anything else (your usage of meetme)).
> perhaps i can reproduce this and then correctly fix it! (i made the patch)
>
> Regards
> Fabe
>
> - Original Message -
> From: "Rob Gagnon" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, June 03, 2004 12:08 AM
> Subject: Re: [Asterisk-Dev] app_meetme crash
>
>
> > Hmmm
> >
> > If user->prevuser is NULL, then it SHOULD be the head of the list, in
> which
> > case the "if (user == cur->firstuser)" statement SHOULD have kicked in.
> >
> > So... this le
Re: [Asterisk-Dev] app_meetme crash
Here's the problem
Line 928 of v1.36 app_meetme.c:
cur = confs;
if (!conf->users) {
...
} else {
/* Remove the user struct */
if (user == cur->firstuser) {
..
The issue is that the Remove the user struct section thinks that cur-> is
same as conf-> at this point, but it is actually confs (with an s)
The entire else block should change "cur" to "conf" to become:
/* Remove the user struct */
if (user == conf->firstuser) {
conf->firstuser->nextuser->prevuser = NULL;
conf->firstuser = conf->firstuser->nextuser;
} else if (user == conf->lastuser){
conf->lastuser->prevuser->nextuser = NULL;
conf->lastuser = conf->lastuser->prevuser;
} else {
user->nextuser->prevuser = user->prevuser;
user->prevuser->nextuser = user->nextuser;
}
So that the user is removed from the current conference, and not from
"confs" which is the head.
- Original Message -
From: "Rob Gagnon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 02, 2004 5:08 PM
Subject: Re: [Asterisk-Dev] app_meetme crash
> Hmmm
>
> If user->prevuser is NULL, then it SHOULD be the head of the list, in
which
> case the "if (user == cur->firstuser)" statement SHOULD have kicked in.
>
> So... this leads me to believe there is another bug some place else
actually
> causing the problem.
>
> I am not that familiar with the inerds of app_meetme, but from what I know
> of doubly-linked-lists, the if-statement you added should not be needed if
> the list integrity is maintained.
>
> Rob
> - Original Message -
> From: "Jared Mauch" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, June 02, 2004 4:29 PM
> Subject: [Asterisk-Dev] app_meetme crash
>
>
> >
> > See the patch, this will prevent it from coring, but could lead
> > to other issues.
> >
> > - Jared
> >
> > #0 0x003d2c1e in conf_run (chan=0x88aa400, conf=0x86ee8d8,
confflags=536)
> > at app_meetme.c:942
> > 942 user->prevuser->nextuser =
> user->nextuser;
> > (gdb) print *user
> > $1 = {user_no = 1, prevuser = 0x0, nextuser = 0x88beba8, userflags =
536,
> > adminflags = 0, chan = 0x88aa400,
> > usrvalue = "test", '\0' , jointime = 2586960}
> > (gdb) print *user->prevuser
> > Cannot access memory at address 0x0
> > (gdb) print *user->nextuser
> > $2 = {user_no = 2, prevuser = 0x0, nextuser = 0x8694058, userflags =
536,
> > adminflags = 0, chan = 0x8878370,
> > usrvalue = "test", '\0' , jointime = 2586960}
> > (gdb) print user->nextuser->prevuser
> > $3 = (struct ast_conf_user *) 0x0
> > (gdb) print user->prevuser
> > $4 = (struct ast_conf_user *) 0x0
> > (gdb) print user->nextuser
> > $5 = (struct ast_conf_user *) 0x88beba8
> > (gdb) print user->prevuser
> > $6 = (struct ast_conf_user *) 0x0
> >
> > diff -u -r1.35 app_meetme.c
> > --- app_meetme.c1 Jun 2004 22:54:18 - 1.35
> > +++ app_meetme.c2 Jun 2004 21:27:24 -
> > @@ -939,7 +939,9 @@
> > cur->lastuser = cur->lastuser->prevuser;
> > } else {
> > user->nextuser->prevuser =
user->prevuser;
> > - user->prevuser->nextuser =
user->nextuser;
> > + if (user->prevuser != NULL) {
> > + user->prevuser->nextuser =
> user->nextuser;
> > + }
> > }
> > /* Return the number of seconds the user was in
> the conf */
> > sprintf(meetmesecs, "%i", (int)
(user->jointime -
> time(NULL)));
> >
> > --
> > Jared Mauch | pgp key available via finger from [EMAIL PROTECTED]
> > clue++; | http://puck.nether.net/~jared/ My statements are only
> mine.
> > ___
> > Asterisk-Dev mailing list
> > [EMAIL PROTECTED]
> > http://lists.digium.com/mailman/listinfo/asterisk-dev
> > To UNSUBSCRIBE or update options visit:
> >http://lists.digium.com/mailman/listinfo/asterisk-dev
>
> ___
> Asterisk-Dev mailing list
> [EMAIL PROTECTED]
> http://lists.digium.com/mailman/listinfo/asterisk-dev
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-dev
___
Asterisk-Dev mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-dev
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [Asterisk-Dev] app_meetme crash
Yeah the "if" is normally not needed!
can you provide more information about the situation of the crash? (how many
users where in, who left or anything else (your usage of meetme)).
perhaps i can reproduce this and then correctly fix it! (i made the patch)
Regards
Fabe
- Original Message -
From: "Rob Gagnon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 03, 2004 12:08 AM
Subject: Re: [Asterisk-Dev] app_meetme crash
> Hmmm
>
> If user->prevuser is NULL, then it SHOULD be the head of the list, in
which
> case the "if (user == cur->firstuser)" statement SHOULD have kicked in.
>
> So... this leads me to believe there is another bug some place else
actually
> causing the problem.
>
> I am not that familiar with the inerds of app_meetme, but from what I know
> of doubly-linked-lists, the if-statement you added should not be needed if
> the list integrity is maintained.
>
> Rob
> - Original Message -
> From: "Jared Mauch" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, June 02, 2004 4:29 PM
> Subject: [Asterisk-Dev] app_meetme crash
>
>
> >
> > See the patch, this will prevent it from coring, but could lead
> > to other issues.
> >
> > - Jared
> >
> > #0 0x003d2c1e in conf_run (chan=0x88aa400, conf=0x86ee8d8,
confflags=536)
> > at app_meetme.c:942
> > 942 user->prevuser->nextuser =
> user->nextuser;
> > (gdb) print *user
> > $1 = {user_no = 1, prevuser = 0x0, nextuser = 0x88beba8, userflags =
536,
> > adminflags = 0, chan = 0x88aa400,
> > usrvalue = "test", '\0' , jointime = 2586960}
> > (gdb) print *user->prevuser
> > Cannot access memory at address 0x0
> > (gdb) print *user->nextuser
> > $2 = {user_no = 2, prevuser = 0x0, nextuser = 0x8694058, userflags =
536,
> > adminflags = 0, chan = 0x8878370,
> > usrvalue = "test", '\0' , jointime = 2586960}
> > (gdb) print user->nextuser->prevuser
> > $3 = (struct ast_conf_user *) 0x0
> > (gdb) print user->prevuser
> > $4 = (struct ast_conf_user *) 0x0
> > (gdb) print user->nextuser
> > $5 = (struct ast_conf_user *) 0x88beba8
> > (gdb) print user->prevuser
> > $6 = (struct ast_conf_user *) 0x0
> >
> > diff -u -r1.35 app_meetme.c
> > --- app_meetme.c1 Jun 2004 22:54:18 - 1.35
> > +++ app_meetme.c2 Jun 2004 21:27:24 -
> > @@ -939,7 +939,9 @@
> > cur->lastuser = cur->lastuser->prevuser;
> > } else {
> > user->nextuser->prevuser =
user->prevuser;
> > - user->prevuser->nextuser =
user->nextuser;
> > + if (user->prevuser != NULL) {
> > + user->prevuser->nextuser =
> user->nextuser;
> > + }
> > }
> > /* Return the number of seconds the user was in
> the conf */
> > sprintf(meetmesecs, "%i", (int)
(user->jointime -
> time(NULL)));
> >
> > --
> > Jared Mauch | pgp key available via finger from [EMAIL PROTECTED]
> > clue++; | http://puck.nether.net/~jared/ My statements are only
> mine.
> > ___
> > Asterisk-Dev mailing list
> > [EMAIL PROTECTED]
> > http://lists.digium.com/mailman/listinfo/asterisk-dev
> > To UNSUBSCRIBE or update options visit:
> >http://lists.digium.com/mailman/listinfo/asterisk-dev
>
> ___
> Asterisk-Dev mailing list
> [EMAIL PROTECTED]
> http://lists.digium.com/mailman/listinfo/asterisk-dev
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-dev
>
___
Asterisk-Dev mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-dev
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [Asterisk-Dev] app_meetme crash
Hmmm
If user->prevuser is NULL, then it SHOULD be the head of the list, in which
case the "if (user == cur->firstuser)" statement SHOULD have kicked in.
So... this leads me to believe there is another bug some place else actually
causing the problem.
I am not that familiar with the inerds of app_meetme, but from what I know
of doubly-linked-lists, the if-statement you added should not be needed if
the list integrity is maintained.
Rob
- Original Message -
From: "Jared Mauch" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 02, 2004 4:29 PM
Subject: [Asterisk-Dev] app_meetme crash
>
> See the patch, this will prevent it from coring, but could lead
> to other issues.
>
> - Jared
>
> #0 0x003d2c1e in conf_run (chan=0x88aa400, conf=0x86ee8d8, confflags=536)
> at app_meetme.c:942
> 942 user->prevuser->nextuser =
user->nextuser;
> (gdb) print *user
> $1 = {user_no = 1, prevuser = 0x0, nextuser = 0x88beba8, userflags = 536,
> adminflags = 0, chan = 0x88aa400,
> usrvalue = "test", '\0' , jointime = 2586960}
> (gdb) print *user->prevuser
> Cannot access memory at address 0x0
> (gdb) print *user->nextuser
> $2 = {user_no = 2, prevuser = 0x0, nextuser = 0x8694058, userflags = 536,
> adminflags = 0, chan = 0x8878370,
> usrvalue = "test", '\0' , jointime = 2586960}
> (gdb) print user->nextuser->prevuser
> $3 = (struct ast_conf_user *) 0x0
> (gdb) print user->prevuser
> $4 = (struct ast_conf_user *) 0x0
> (gdb) print user->nextuser
> $5 = (struct ast_conf_user *) 0x88beba8
> (gdb) print user->prevuser
> $6 = (struct ast_conf_user *) 0x0
>
> diff -u -r1.35 app_meetme.c
> --- app_meetme.c1 Jun 2004 22:54:18 - 1.35
> +++ app_meetme.c2 Jun 2004 21:27:24 -
> @@ -939,7 +939,9 @@
> cur->lastuser = cur->lastuser->prevuser;
> } else {
> user->nextuser->prevuser = user->prevuser;
> - user->prevuser->nextuser = user->nextuser;
> + if (user->prevuser != NULL) {
> + user->prevuser->nextuser =
user->nextuser;
> + }
> }
> /* Return the number of seconds the user was in
the conf */
> sprintf(meetmesecs, "%i", (int) (user->jointime -
time(NULL)));
>
> --
> Jared Mauch | pgp key available via finger from [EMAIL PROTECTED]
> clue++; | http://puck.nether.net/~jared/ My statements are only
mine.
> ___
> Asterisk-Dev mailing list
> [EMAIL PROTECTED]
> http://lists.digium.com/mailman/listinfo/asterisk-dev
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-dev
___
Asterisk-Dev mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-dev
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-dev
[Asterisk-Dev] app_meetme crash
See the patch, this will prevent it from coring, but could lead
to other issues.
- Jared
#0 0x003d2c1e in conf_run (chan=0x88aa400, conf=0x86ee8d8, confflags=536)
at app_meetme.c:942
942 user->prevuser->nextuser = user->nextuser;
(gdb) print *user
$1 = {user_no = 1, prevuser = 0x0, nextuser = 0x88beba8, userflags = 536,
adminflags = 0, chan = 0x88aa400,
usrvalue = "test", '\0' , jointime = 2586960}
(gdb) print *user->prevuser
Cannot access memory at address 0x0
(gdb) print *user->nextuser
$2 = {user_no = 2, prevuser = 0x0, nextuser = 0x8694058, userflags = 536,
adminflags = 0, chan = 0x8878370,
usrvalue = "test", '\0' , jointime = 2586960}
(gdb) print user->nextuser->prevuser
$3 = (struct ast_conf_user *) 0x0
(gdb) print user->prevuser
$4 = (struct ast_conf_user *) 0x0
(gdb) print user->nextuser
$5 = (struct ast_conf_user *) 0x88beba8
(gdb) print user->prevuser
$6 = (struct ast_conf_user *) 0x0
diff -u -r1.35 app_meetme.c
--- app_meetme.c1 Jun 2004 22:54:18 - 1.35
+++ app_meetme.c2 Jun 2004 21:27:24 -
@@ -939,7 +939,9 @@
cur->lastuser = cur->lastuser->prevuser;
} else {
user->nextuser->prevuser = user->prevuser;
- user->prevuser->nextuser = user->nextuser;
+ if (user->prevuser != NULL) {
+ user->prevuser->nextuser = user->nextuser;
+ }
}
/* Return the number of seconds the user was in the conf */
sprintf(meetmesecs, "%i", (int) (user->jointime - time(NULL)));
--
Jared Mauch | pgp key available via finger from [EMAIL PROTECTED]
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
___
Asterisk-Dev mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-dev
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-dev
