Fixes iaxs and iaxsl size off by one issue.

2^15 = 32768 which is the maximum allowed iax2 callnumber.
Creating the iaxs and iaxsl array of size 32768 means the maximum
callnumber is actually out of bounds.  This causes a nasty crash.

(closes issue #15997)
Reported by: exarv
Patches:
      iax_fix.diff uploaded by dvossel (license 671)

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@245792 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index ac58c7703dc9281f6a596d9336c48dad33306b60..f9f7255119e90a311193f85940be1ac38af8d2db 100644 (file)
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -912,8 +912,8 @@ static void __attribute__((format(printf, 1, 2))) jb_debug_output(const char *fm
        ast_verbose("%s", buf);
 }
 
-/* XXX We probably should use a mutex when working with this XXX */
-static struct chan_iax2_pvt *iaxs[IAX_MAX_CALLS];
+/* IAX_MAX_CALLS + 1 to avoid the off by one error case when accessing the max call number */
+static struct chan_iax2_pvt *iaxs[IAX_MAX_CALLS + 1];
 static ast_mutex_t iaxsl[ARRAY_LEN(iaxs)];
 
 /*!
@@ -936,7 +936,7 @@ static struct ao2_container *iax_transfercallno_pvts;
 
 /* Flag to use with trunk calls, keeping these calls high up.  It halves our effective use
    but keeps the division between trunked and non-trunked better. */
-#define TRUNK_CALL_START       ARRAY_LEN(iaxs) / 2
+#define TRUNK_CALL_START       IAX_MAX_CALLS / 2
 
 static int maxtrunkcall = TRUNK_CALL_START;
 static int maxnontrunkcall = 1;