Fix a crash in the ChanSpy application. The issue here is that if you call

ChanSpy and specify a spy group, and sit in the application long enough looping
through the channel list, you will eventually run out of stack space and the
application with exit with a seg fault.  The backtrace was always inside of
a harmless snprintf() call, so it was tricky to track down.  However, it turned
out that the call to snprintf() was just the biggest stack consumer in this
code path, so it would always be the first one to hit the boundary.

(closes issue #13338)
Reported by: ruddy

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@139213 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/apps/app_chanspy.c b/apps/app_chanspy.c
index aba4c3a52a06e8e5ccc22df9d17f263d3651f001..91e7b4ca7920004054c9f3f5fadc4187e333c2fb 100644 (file)
--- a/apps/app_chanspy.c
+++ b/apps/app_chanspy.c
@@ -555,7 +555,7 @@ static int common_exec(struct ast_channel *chan, const struct ast_flags *flags,
                        int igrp = !mygroup;
                        char *groups[25];
                        int num_groups = 0;
-                       char *dup_group;
+                       char dup_group[512];
                        int x;
                        char *s;
 
@@ -587,7 +587,7 @@ static int common_exec(struct ast_channel *chan, const struct ast_flags *flags,
 
                        if (mygroup) {
                                if ((group = pbx_builtin_getvar_helper(peer, "SPYGROUP"))) {
-                                       dup_group = ast_strdupa(group);
+                                       ast_copy_string(dup_group, group, sizeof(dup_group));
                                        num_groups = ast_app_separate_args(dup_group, ':', groups,
                                                                           sizeof(groups) / sizeof(groups[0]));
                                }