From 5a823cad50ae8db7774df863ae7bb3a55ee4d997 Mon Sep 17 00:00:00 2001 From: David Vossel Date: Tue, 9 Feb 2010 22:55:38 +0000 Subject: [PATCH] Fixes iaxs and iaxsl size off by one issue. 2^15 = 32768 which is the maximum allowed iax2 callnumber. Creating the iaxs and iaxsl array of size 32768 means the maximum callnumber is actually out of bounds. This causes a nasty crash. (closes issue #15997) Reported by: exarv Patches: iax_fix.diff uploaded by dvossel (license 671) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@245792 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- channels/chan_iax2.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c index ac58c7703d..f9f7255119 100644 --- a/channels/chan_iax2.c +++ b/channels/chan_iax2.c @@ -912,8 +912,8 @@ static void __attribute__((format(printf, 1, 2))) jb_debug_output(const char *fm ast_verbose("%s", buf); } -/* XXX We probably should use a mutex when working with this XXX */ -static struct chan_iax2_pvt *iaxs[IAX_MAX_CALLS]; +/* IAX_MAX_CALLS + 1 to avoid the off by one error case when accessing the max call number */ +static struct chan_iax2_pvt *iaxs[IAX_MAX_CALLS + 1]; static ast_mutex_t iaxsl[ARRAY_LEN(iaxs)]; /*! @@ -936,7 +936,7 @@ static struct ao2_container *iax_transfercallno_pvts; /* Flag to use with trunk calls, keeping these calls high up. It halves our effective use but keeps the division between trunked and non-trunked better. */ -#define TRUNK_CALL_START ARRAY_LEN(iaxs) / 2 +#define TRUNK_CALL_START IAX_MAX_CALLS / 2 static int maxtrunkcall = TRUNK_CALL_START; static int maxnontrunkcall = 1; -- 2.47.3