0

Address 0xfffffffe out of bounds为什么以及如何解决。 MyConfbridgeCount(conferencenumber, variablename)返回由 conferencenumber 给定的会议中的用户总数,否则返回零。在运行时,我使用 MyConfbridgeCount(4000,count)。现在 app2:MyConfbridgeCount将调用函数count_exec(struct ast_channel *chan, const char *data)。但是在编译时char * data造成了核心转储。

Asterisk-11.5.1 Centos6 app_confbrige.c confbridge.conf** =================================== ====================================

Task:  Using Dailplan  user want to retrive no of user in conference  
        '6050' =>   1. Verbose(3,"testMyConfbridgeCount")      [pbx_config]
                    2. MyConfbridgeCount(4000,count)           [pbx_config]
                    3. verbose(3,"== ${count} ====")           [pbx_config]

问题:目前,一旦 app2 加载,星号核心就会转储:

   (gdb) bt
    #0  __strlen_sse2_bsf () at ../sysdeps/i386/i686/multiarch/strlen-sse2-bsf.S:64
    #1  0x00cefa49 in count_exec (chan=0xd09d78, data=0xfffffffe <Address 0xfffffffe out of bounds>) at app_confbridge.c:2438
    #2  0x080d40eb in __ast_cli_register (e=0xd09d78, ed=0x0) at cli.c:2118
    #3  0x080d4459 in ast_cli_register (e=0xd09d78) at cli.c:2178
    #4  0x080d4482 in ast_cli_register_multiple (e=0xd09900, len=13) at cli.c:2189
    #5  0x00cf8030 in load_module () at app_confbridge.c:4779
    #6  0x0812ba89 in start_resource (mod=0x905e740) at loader.c:845
    #7  0x0812c45c in load_resource_list (load_order=0xbfdbb8b0, global_symbols=0, mod_count=0xbfdbb8a8) at loader.c:1045
    #8  0x0812ca5a in load_modules (preload_only=0) at loader.c:1198
    #9  0x080895f7 in main (argc=4, argv=0xbfdbcdc4) at asterisk.c:4180
    (gdb) frame 1
    #1  0x00cefa49 in count_exec (chan=0xd09d78, data=0xfffffffe <Address 0xfffffffe out of bounds>) at app_confbridge.c:2438
    2438        ast_verb(3,"\n = 0xfffffffe inside count_exec == data add :%p ,len:%d ====\n",&data,strlen(data));

以下是来自的相关代码app/app_confbridge.c

static const char *const app2 ="MyConfbridgeCount";

static int load_module(void) {
    ast_verb(3 ,"==Inside load_module==");
    ast_verb(3 ,"\n ==Inside load_module==\n ");
    ast_log(LOG_NOTICE ,"\n ==Inside load_module==\n ");

    //tes4
    //const char *data= (char*)malloc(sizeof(char) * 256);
    char *sdata="4000,acPd";
    ast_verb(3 ,"\n ==Inside load_module  sdata [%s] at [%p] len[%d]\n ",sdata,&sdata,strlen(sdata));
    ast_log(LOG_NOTICE ,"\n ==Inside load_module  sdata [%s] at [%p] and len[%d]\n ",sdata,&sdata,strlen(sdata));

    char *data= malloc(sizeof(char) * 256);
    data=ast_strdupa(sdata);
    ast_verb(3 ,"\n ==Inside load_module  data is [%s] at [%p] len[%d]\n ",data,&data,strlen(data));

    ast_log(LOG_NOTICE ,"\n ==Inside load_module  data is  [%s] at [%p] and len[%d]\n ",data,&data,strlen(data));

    ast_verb(3 ,"\n==Inside load_module  data malloc == \n" );
    ast_log(LOG_NOTICE,"\n==Inside load_module  data malloc == \n" );

    res |= ast_register_application_xml(app2,count_exec);
    return res;
}

static int unload_module(void) {
    res |= ast_unregister_application(app2);
    return res;
}

static struct ast_cli_entry cli_confbridge[] = { AST_CLI_DEFINE(count_exec, "MyConfbrigdeCount Show Number of adminUser(s) in Conference." ),
}

static int count_exec(struct ast_channel *chan, const char *data) {
    int res = 0;
    struct conference_bridge *conf=NULL;
    int count;
    char *localdata;
    char val[80] = "0";

    struct ao2_iterator i;
    struct conference_bridge tmp;

    AST_DECLARE_APP_ARGS(args,
    AST_APP_ARG(confno);
    AST_APP_ARG(varname);
);

    ast_verb(3,"\n============Inside count_exec =============\n");

    ast_verb(3,"\n = 0xfffffffe inside count_exec == data[%s] at add :[%p] ,len:[%d] ====\n",data,&data,strlen(data));
    return res; 
}
4

2 回答 2

1

我更改了文件 app_confbridge.c (1) in func count_exect use ,&data in stand of data .(2) 在 func static struct ast_cli_entry cli_confbridge[] //AST_CLI_DEFINE(count_exec, "SabseConfbridgeCount Show Number of User(s) in会议。”),现在不再有崩溃核心转储。

于 2014-03-19T05:57:01.973 回答
0

我不知道您正在使用的星号 API,但显然在您使用 ast_register_application_xml() 注册函数后,库在加载模块时调用您的 count_exec 函数时会发生错误。显然指针是无效的,因此 strlen() 中发生的取消引用转储。

我的猜测是在设置应用程序时某些值没有正确初始化,或者可能没有提供参数或提供的参数顺序错误,或者忘记了地址运算符(0xffffffffe 是 -2 这听起来像变量的合法值)。

于 2014-03-13T09:33:46.643 回答