Issues With Siren14 Codec In Asterisk 14.3.0
I’m seeing Asterisk crashes with the following frame at func_speex.c:188:
(gdb) p *frame
$6 = {frametype = AST_FRAME_VOICE, subclass = {integer = 0,
format = 0xe2f9e20, frame_ending = 0}, datalen = 0, samples = 640,
mallocd = 1, mallocd_hdr_len = 232, offset = 64,
src = 0x2ac07413e7f8 “siren14tolin32”, data = {ptr = 0x3cab9378,
uint32 = 1017877368, pad = “x\223\253<\000\000\000"}, delivery = {
tv_sec = 1491485582, tv_usec = 407272}, frame_list = {next = 0x0},
flags = 0, ts = 0, len = 0, seqno = 0}
frame->data.ptr is an out-of-range address.
Does this ring a bell to anybody? Without sources of the Siren14 codec, how would you recommend we debug this?
3 thoughts on - Issues With Siren14 Codec In Asterisk 14.3.0
I would say this is a bug in func_speex and not in codec_siren14. This is because the datalen is zero. There is no data on the frame (which is why frame->data.ptr is garbage, although it could be improved to be NULL) but there are samples, so it’s an interpolated frame. The func_speex module should be changed to handle this.
I’d suggest filing an issue on the issue tracker for it[1].
[1] https://issues.asterisk.org/jira
Ah! So, like?
*** func_speex.c.orig 2017-02-13 15:00:19.000000000 -0500
— func_speex.c 2017-04-06 11:16:03.000000000 -0400
***************
*** 185,189 ****
}
! speex_preprocess(sdi->state, frame->data.ptr, NULL);
snprintf(source, sizeof(source), “%s/speex”, frame->src);
if (frame->mallocd & AST_MALLOCD_SRC) {
— 185,190 —
Yes, although really you only need to check datalen. If that is set to non-zero then there is data.