0

Address 0xfffffffe out of bounds why and how to solve. MyConfbridgeCount(conferencenumber, variablename) returns the total number of users in a conference given by conferencenumber, otherwise it returns zero. At runtime, I'm using MyConfbridgeCount(4000,count). Now app2: MyConfbridgeCount will call the function count_exec(struct ast_channel *chan, const char *data). But at compile time char * data caused a core dump.

Asterisk-11.5.1, CentOS 6, app_confbridge.c, confbridge.conf

Task: Using the dialplan, the user wants to retrieve the number of users in a conference.
        '6050' =>   1. Verbose(3,"testMyConfbridgeCount")      [pbx_config]
                    2. MyConfbridgeCount(4000,count)           [pbx_config]
                    3. verbose(3,"== ${count} ====")           [pbx_config]

The issue: Currently asterisk core dumped as soon as app2 loads:

    (gdb) bt
    #0  __strlen_sse2_bsf () at ../sysdeps/i386/i686/multiarch/strlen-sse2-bsf.S:64
    #1  0x00cefa49 in count_exec (chan=0xd09d78, data=0xfffffffe <Address 0xfffffffe out of bounds>) at app_confbridge.c:2438
    #2  0x080d40eb in __ast_cli_register (e=0xd09d78, ed=0x0) at cli.c:2118
    #3  0x080d4459 in ast_cli_register (e=0xd09d78) at cli.c:2178
    #4  0x080d4482 in ast_cli_register_multiple (e=0xd09900, len=13) at cli.c:2189
    #5  0x00cf8030 in load_module () at app_confbridge.c:4779
    #6  0x0812ba89 in start_resource (mod=0x905e740) at loader.c:845
    #7  0x0812c45c in load_resource_list (load_order=0xbfdbb8b0, global_symbols=0, mod_count=0xbfdbb8a8) at loader.c:1045
    #8  0x0812ca5a in load_modules (preload_only=0) at loader.c:1198
    #9  0x080895f7 in main (argc=4, argv=0xbfdbcdc4) at asterisk.c:4180
    (gdb) frame 1
    #1  0x00cefa49 in count_exec (chan=0xd09d78, data=0xfffffffe <Address 0xfffffffe out of bounds>) at app_confbridge.c:2438
    2438        ast_verb(3,"\n = 0xfffffffe inside count_exec == data add :%p ,len:%d ====\n",&data,strlen(data));

Here's the relevant code from app/app_confbridge.c:

    static const char *const app2 ="MyConfbridgeCount";

    static int load_module(void) {
        ast_verb(3 ,"==Inside load_module==");
        ast_verb(3 ,"\n ==Inside load_module==\n ");
        ast_log(LOG_NOTICE ,"\n ==Inside load_module==\n ");

        //tes4
        //const char *data= (char*)malloc(sizeof(char) * 256);
        char *sdata="4000,acPd";
        ast_verb(3 ,"\n ==Inside load_module  sdata [%s] at [%p] len[%d]\n ",sdata,&sdata,strlen(sdata));
        ast_log(LOG_NOTICE ,"\n ==Inside load_module  sdata [%s] at [%p] and len[%d]\n ",sdata,&sdata,strlen(sdata));

        char *data= malloc(sizeof(char) * 256);
        data=ast_strdupa(sdata);
        ast_verb(3 ,"\n ==Inside load_module  data is [%s] at [%p] len[%d]\n ",data,&data,strlen(data));

        ast_log(LOG_NOTICE ,"\n ==Inside load_module  data is  [%s] at [%p] and len[%d]\n ",data,&data,strlen(data));

        ast_verb(3 ,"\n==Inside load_module  data malloc == \n" );
        ast_log(LOG_NOTICE,"\n==Inside load_module  data malloc == \n" );

        res |= ast_register_application_xml(app2,count_exec);
        return res;
    }

    static int unload_module(void) {
        res |= ast_unregister_application(app2);
        return res;
    }

    static struct ast_cli_entry cli_confbridge[] = { AST_CLI_DEFINE(count_exec, "MyConfbrigdeCount Show Number of adminUser(s) in Conference." ),
    }

    static int count_exec(struct ast_channel *chan, const char *data) {
        int res = 0;
        struct conference_bridge *conf=NULL;
        int count;
        char *localdata;
        char val[80] = "0";

        struct ao2_iterator i;
        struct conference_bridge tmp;

        AST_DECLARE_APP_ARGS(args,
            AST_APP_ARG(confno);
            AST_APP_ARG(varname);
        );

        ast_verb(3,"\n============Inside count_exec =============\n");

        ast_verb(3,"\n = 0xfffffffe inside count_exec == data[%s] at add :[%p] ,len:[%d] ====\n",data,&data,strlen(data));
        return res;
    }

Darwind

2 Answers

1

I made two changes in the file app_confbridge.c: (1) in the function count_exec, I use &data instead of data; (2) I commented out the entry in static struct ast_cli_entry cli_confbridge[]: //AST_CLI_DEFINE(count_exec, "SabseConfbridgeCount Show Number of User(s) in Conference." ). Now there is no more crash or core dump.

0

I don't know the asterisk API which you are using but apparently the error happens when the library calls your count_exec function on loading the module, after you registered the function with ast_register_application_xml(). Obviously the pointer is invalid so that the dereferencing happening in strlen() dumps.

My guess is that some value hasn't been properly initialized when setting up the application, or perhaps a parameter hasn't been supplied or has been supplied in the wrong order, or an address operator has been forgotten (0xfffffffe is -2 which sounds like a legit value of a variable).

Peter - Reinstate Monica
  • Thanks Peter, but I have to register the app, as later on I have to use it for MyConfbridgeCount(4000,count) at run time... so how to solve it? Any suggestion? – user3391432 Mar 13 '14 at 12:16
  • I have to use MyConfbridgeCount(conferencenumber, variablename) at run time -> count_exec(), so I must load it at run time. How to solve it, any suggestion? I have registered it in load module... so how to solve it? – user3391432 Mar 13 '14 at 12:25
  • Hm... sure it's not MyConfbridgeCount(4000,&count)? – Peter - Reinstate Monica Mar 13 '14 at 13:00
  • Hi Peter, in the Asterisk dialplan we write MyMyConfbridgeCount(4000,count), not MyConfbridgeCount(4000,&count), as the dialplan does not support pointers. I will ask the user to enter the confno and read it using the Read() application of Asterisk. count is just a variable name, so... what is the use of &count? (The dialplan is not like C, passing addresses.) – user3391432 Mar 14 '14 at 04:52
  • Ok, then maybe count_exec should be declared with an int as the second parameter, not a char* (I understand you are passing count, an int, when you register it). Or if the signature is fixed with a second param char* then you indeed need to register it with the name of a variable which is a pointer to some storage which you filled with 2 or 4 bytes of int data, like "*((int *)data) = 237" (assuming you registered the func with data as second param). Oh, and then you can't do a strlen() over that "char *" because it is not a string but an int in disguise. – Peter - Reinstate Monica Mar 14 '14 at 05:24
  • Hi Peter, any help? I must pass the second param as char *, as data may be data = (conferencenumber,variablestring); I will parse the conference number and variable name from data. And "Note: conferencenumber may be alphanumeric in future", say conferenceNumber: IN007. Any help with this condition? – user3391432 Mar 14 '14 at 06:54
  • Then call it with MyConfbridgeCount(4000, data) and in count_exec parse data with sscanf, like "sscanf(data, "%d,%s", &localCount, someName)" assuming that data contains "4000,acPd". localCount and someName are an int and char[], respectively, which will hold 4000 and "acPd" after the sscanf. – Peter - Reinstate Monica Mar 14 '14 at 07:21
  • Hi Peter, the problem is that the code has been compiled error free, but at run time, when the module loads count_exec, char* data shows count_exec (chan=0xfb2178, data=0xfffffffe). The issue is Address 0xfffffffe out of bounds; how to solve it? – user3391432 Mar 14 '14 at 08:19
  • In confbridge.conf write MyConfbridgeCount(4000, data) instead of MyConfbridgeCount(4000, count). – Peter - Reinstate Monica Mar 14 '14 at 09:45
  • confbridge.conf allows creating conference menus, the conference default bridge and the conference default user, but not developer-created apps like MyConfbridgeCount. – user3391432 Mar 14 '14 at 10:34
  • Hi Peter, please help me. I have written MyConfbridgeCount() in the file /etc/asterisk/testconfbridge.conf, which calls the dialplan for my app. The user will dial extension number 6050 to know the total number of users in a conference number, e.g. 4000. What if we write data or count? It is just a variable name. – user3391432 Mar 14 '14 at 10:38
  • Hi Peter, I have learned from this reference, https://wiki.asterisk.org/wiki/display/AST/ConfBridge+10, and am working on it. – user3391432 Mar 14 '14 at 10:47
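
The backtrace in the question shows `__ast_cli_register` calling `count_exec` with `chan` equal to the CLI entry pointer `e` (0xd09d78) and `data` equal to 0xfffffffe: Asterisk's CLI core calls every handler in a CLI table once at registration with `cmd = CLI_INIT`, and `CLI_INIT` is -2, so an application function listed via `AST_CLI_DEFINE` receives that integer where it expects a string. The C model below is an added example, not code from the posts or from Asterisk; the types, `cmd_as_ptr32`, `count_app`, `count_cli`, `cli_register` and the command string are simplified, constructed stand-ins that show the two handler shapes kept separate.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins modelled on Asterisk's CLI types, not the real headers. */
enum cli_command { CLI_INIT = -2, CLI_GENERATE = -3, CLI_HANDLER = -4 };
struct cli_entry { const char *command; };
typedef char *(*cli_handler_fn)(struct cli_entry *e, int cmd, void *args);

/* Bit pattern a 32-bit build sees when the int cmd is read as a pointer. */
uint32_t cmd_as_ptr32(int cmd) { return (uint32_t)cmd; }

/* Application shape: data may be NULL or empty; check before parsing "confno,varname". */
int count_app(void *chan, const char *data, char *confno, size_t n)
{
    size_t len = data ? strcspn(data, ",") : 0;
    (void)chan;
    if (len == 0 || len >= n)
        return -1;                       /* missing, empty or oversized confno */
    memcpy(confno, data, len);
    confno[len] = '\0';
    return 0;
}

/* CLI shape: a separate function that fills in the entry on CLI_INIT. */
char *count_cli(struct cli_entry *e, int cmd, void *args)
{
    (void)args;
    if (cmd == CLI_INIT)
        e->command = "confbridge count";   /* constructed command name */
    return NULL;
}

/* Model of registration: the core calls the handler once with CLI_INIT. */
int cli_register(struct cli_entry *e, cli_handler_fn h)
{
    h(e, CLI_INIT, NULL);
    return e->command ? 0 : -1;
}

int main(void)
{
    struct cli_entry e = {0};
    char confno[16] = "";
    int rc = cli_register(&e, count_cli);
    printf("CLI_INIT=0x%08x reg=%d cmd=%s\n", (unsigned)cmd_as_ptr32(CLI_INIT), rc, e.command);
    printf("app=%d confno=%s\n", count_app(NULL, "4000,count", confno, sizeof confno), confno);
    return 0;
}
```

Compiling real module code with warnings enabled flags the mismatch as an incompatible pointer type in the CLI table initializer, before the module is ever loaded.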