diff options
author | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-08-20 22:14:35 +0000 |
---|---|---|
committer | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-08-20 22:14:35 +0000 |
commit | 075620eba46838e7bb2428ca29fb1fcaa4f21310 (patch) | |
tree | 0c5627c87d28143021ea97111f35d604f5624d68 /apps | |
parent | c389398945c8b2b757f5beb0870dc5f1522baa07 (diff) |
Fix a crash in the ChanSpy application. The issue here is that if you call
ChanSpy and specify a spy group, and sit in the application long enough looping
through the channel list, you will eventually run out of stack space and the
application with exit with a seg fault. The backtrace was always inside of
a harmless snprintf() call, so it was tricky to track down. However, it turned
out that the call to snprintf() was just the biggest stack consumer in this
code path, so it would always be the first one to hit the boundary.
(closes issue #13338)
Reported by: ruddy
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@139213 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'apps')
-rw-r--r-- | apps/app_chanspy.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/apps/app_chanspy.c b/apps/app_chanspy.c index aba4c3a52..91e7b4ca7 100644 --- a/apps/app_chanspy.c +++ b/apps/app_chanspy.c @@ -555,7 +555,7 @@ static int common_exec(struct ast_channel *chan, const struct ast_flags *flags, int igrp = !mygroup; char *groups[25]; int num_groups = 0; - char *dup_group; + char dup_group[512]; int x; char *s; @@ -587,7 +587,7 @@ static int common_exec(struct ast_channel *chan, const struct ast_flags *flags, if (mygroup) { if ((group = pbx_builtin_getvar_helper(peer, "SPYGROUP"))) { - dup_group = ast_strdupa(group); + ast_copy_string(dup_group, group, sizeof(dup_group)); num_groups = ast_app_separate_args(dup_group, ':', groups, sizeof(groups) / sizeof(groups[0])); } |