Bug#507883: release critical

Lars Bensmann lars at almosthappy.de
Wed Dec 10 12:14:59 UTC 2008 

On Tue, Dec 09, 2008 at 11:29:30PM +0200, Tzafrir Cohen wrote:
> > It doesn't matter if the jump target is actually there. If I replace
> > 'foo|1' by 'blah|foo|1' or just '1' I don't have any problems. If I delete
> > the NoOp line the problem also disappears.

I tried to port the patch, but I failed. Asterisk compiles but core dumps on
startup (although this time it's not related to the extensions.ael I think.)

I attached the patch if someone wants to use it as a starting point.

I used
        (cd ael; flex ael.flex; sed -i -e "/begin standard C headers/i#include \"asterisk.h\"" ael_lex.c)
        (cd ael; sed 's@#if __STDC_VERSION__ >= 199901L@#if !defined __STDC_VERSION__ || __STDC_VERSION__ >= 199901L@' ael_lex.c > zz; mv zz ael_lex.c)
(as found in ael/Makefile) to regenerate ael_lex.c

-- 
Hardware:
        The parts of a computer system that can be kicked.
-------------- next part --------------
diff -r -U3 ../asterisk-1.4.21.2~dfsg/include/asterisk/ael_structs.h ./include/asterisk/ael_structs.h
--- ../asterisk-1.4.21.2~dfsg/include/asterisk/ael_structs.h	2008-03-27 04:21:05.000000000 +0100
+++ ./include/asterisk/ael_structs.h	2008-12-10 11:16:10.000000000 +0100
@@ -88,7 +88,6 @@
 		struct pval *statements; /* used in case, default, catch, while's statement, CONTEXT elements, GLOBALS */
 		char *val;  /* used in VARDEC */
 		char *for_test; /* used in FOR */
-		int label_in_case; /* a boolean for LABELs */
 		struct pval *goto_target;  /* used in GOTO */
 	} u2;
 	
diff -r -U3 ../asterisk-1.4.21.2~dfsg/pbx/ael/ael.flex ./pbx/ael/ael.flex
--- ../asterisk-1.4.21.2~dfsg/pbx/ael/ael.flex	2008-03-18 07:37:15.000000000 +0100
+++ ./pbx/ael/ael.flex	2008-12-10 11:42:06.000000000 +0100
@@ -238,7 +238,8 @@
 
 [-a-zA-Z0-9'"_/.\<\>\*\+!$#\[\]][-a-zA-Z0-9'"_/.!\*\+\<\>\{\}$#\[\]]*	{
 		STORE_POS;
-		yylval->str = strdup(yytext);
+		yylval->str = ast_malloc(yyleng+1);
+		ast_copy_string(yylval->str, yytext, yyleng+1);
 		prev_word = yylval->str;
 		return word;
 	}
@@ -257,7 +258,8 @@
 			STORE_LOC;
 			ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression: %s !\n", my_file, my_lineno, my_col, yytext);
 			BEGIN(0);
-			yylval->str = strdup(yytext);
+			yylval->str = ast_malloc(yyleng+1);
+			ast_copy_string(yylval->str, yytext, yyleng+1);
 			prev_word = 0;
 			return word;
 		}
@@ -266,8 +268,8 @@
 			yymore();
 		} else {
 			STORE_LOC;
-			yylval->str = strdup(yytext);
-			yylval->str[yyleng-1] = '\0'; /* trim trailing ')' */
+			yylval->str = ast_malloc(yytext);
+			ast_copy_string(yylval->str, yytext, yyleng);
 			unput(')');
 			BEGIN(0);
 			return word;
@@ -289,7 +291,8 @@
 			ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n",
 				my_file, my_lineno, my_col, c);
 			BEGIN(0);
-			yylval->str = strdup(yytext);
+			yylval->str = ast_malloc(yyleng+1);
+			ast_copy_string(yylval->str, yytext, yyleng+1);
 			return word;
 		}
 		yymore();
@@ -317,7 +320,8 @@
 			STORE_LOC;
 			ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression!\n", my_file, my_lineno, my_col);
 			BEGIN(0);
-			yylval->str = strdup(yytext);
+			yylval->str = ast_malloc(yyleng+1);
+			ast_copy_string(yylval->str, yytext, yyleng+1);
 			return word;
 		}
 
@@ -329,22 +333,22 @@
 			BEGIN(0);
 			if ( !strcmp(yytext, ")") )
 				return RP;
-			yylval->str = strdup(yytext);
-			yylval->str[yyleng-1] = '\0'; /* trim trailing ')' */
+			yylval->str = ast_malloc(yyleng);
+			ast_copy_string(yylval->str, yytext, yyleng);
 			unput(')');
 			return word;
 		}
 	}
 
 <argg>{NOARGG}\,	{
-		if( parencount != 0) { /* printf("Folding in a comma!\n"); */
+		if( parencount != 0) { /* ast_log(LOG_NOTICE, "Folding in a comma!\n"); */
 			yymore();
 		} else  {
 			STORE_LOC;
 			if( !strcmp(yytext,"," ) )
 				return COMMA;
-			yylval->str = strdup(yytext);
-			yylval->str[yyleng-1] = '\0';
+			yylval->str = ast_malloc(yyleng);
+			ast_copy_string(yylval->str, yytext, yyleng);
 			unput(',');
 			return word;
 		}
@@ -356,7 +360,8 @@
 			STORE_LOC;
 			ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c);
 			BEGIN(0);
-			yylval->str = strdup(yytext);
+			yylval->str = ast_malloc(yyleng+1);
+			ast_copy_string(yylval->str, yytext, yyleng+1);
 			return word;
 		}
 		yymore();
@@ -379,7 +384,8 @@
 			STORE_LOC;
 			ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c);
 			BEGIN(0);
-			yylval->str = strdup(yytext);
+			yylval->str = ast_malloc(yyleng+1);
+			ast_copy_string(yylval->str, yytext, yyleng+1);
 			return word;
 		}
 		yymore();
@@ -387,8 +393,8 @@
 
 <semic>{NOSEMIC};	{
 		STORE_LOC;
-		yylval->str = strdup(yytext);
-		yylval->str[yyleng-1] = '\0';
+		yylval->str = ast_malloc(yyleng);
+		ast_copy_string(yylval->str, yytext, yyleng);
 		unput(';');
 		BEGIN(0);
 		return word;
diff -r -U3 ../asterisk-1.4.21.2~dfsg/pbx/pbx_ael.c ./pbx/pbx_ael.c
--- ../asterisk-1.4.21.2~dfsg/pbx/pbx_ael.c	2008-06-03 16:49:46.000000000 +0200
+++ ./pbx/pbx_ael.c	2008-12-10 11:59:11.000000000 +0100
@@ -710,7 +710,7 @@
 	regex_t preg;
 	
 	/* simple case, they match exactly, the pattern and exten name */
-	if( !strcmp(pattern,exten) == 0 )
+	if( strcmp(pattern,exten) == 0 )
 		return 1;
 	
 	if ( pattern[0] == '_' ) {
@@ -2959,7 +2959,7 @@
 			pr->type = AEL_APPCALL;
 			p->u2.goto_target = get_goto_target(p);
 			if( p->u2.goto_target ) {
-				p->u3.goto_target_in_case = p->u2.goto_target->u2.label_in_case = label_inside_case(p->u2.goto_target);
+				p->u3.goto_target_in_case = label_inside_case(p->u2.goto_target);
 			}
 			
 			if (!p->u1.list->next) /* just one */ {

More information about the Pkg-voip-maintainers mailing list