From: Russell Bryant Date: Wed, 20 Aug 2008 22:14:35 +0000 (+0000) Subject: Fix a crash in the ChanSpy application. The issue here is that if you call X-Git-Tag: 1.4.22-rc2~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6177d367e2d7a1f57e2dc1522b5ef4e8e8311857;p=thirdparty%2Fasterisk.git Fix a crash in the ChanSpy application. The issue here is that if you call ChanSpy and specify a spy group, and sit in the application long enough looping through the channel list, you will eventually run out of stack space and the application with exit with a seg fault. The backtrace was always inside of a harmless snprintf() call, so it was tricky to track down. However, it turned out that the call to snprintf() was just the biggest stack consumer in this code path, so it would always be the first one to hit the boundary. (closes issue #13338) Reported by: ruddy git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@139213 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/apps/app_chanspy.c b/apps/app_chanspy.c index aba4c3a52a..91e7b4ca79 100644 --- a/apps/app_chanspy.c +++ b/apps/app_chanspy.c @@ -555,7 +555,7 @@ static int common_exec(struct ast_channel *chan, const struct ast_flags *flags, int igrp = !mygroup; char *groups[25]; int num_groups = 0; - char *dup_group; + char dup_group[512]; int x; char *s; @@ -587,7 +587,7 @@ static int common_exec(struct ast_channel *chan, const struct ast_flags *flags, if (mygroup) { if ((group = pbx_builtin_getvar_helper(peer, "SPYGROUP"))) { - dup_group = ast_strdupa(group); + ast_copy_string(dup_group, group, sizeof(dup_group)); num_groups = ast_app_separate_args(dup_group, ':', groups, sizeof(groups) / sizeof(groups[0])); }