Under some conditions the asterisk fax code causes spandsp to crash. In my case this is because g729 data is being passed off to spandsp, from what I do understand of the situation.

Patch available at the bug report and from a quick glance should fix the issue, but I need to rig a test to confirm. Specific patch at https://issues.asterisk.org/jira/secure/attachment/49214/spandsp_g711decode.diff

My backtrace looks like:

#0 process_rx_data (t=0x7fae54c698a8, user_data=0x2, data_type=1, field_type=<optimized out>, buf=0x7fae11c58cda "cng", len=0) at t38_terminal.c:314
#1 0x00007fae11c22c7d in t38_core_rx_ifp_packet (s=0x7fae54c698a8, buf=0x7fae54c8475b "\002", len=1, seq_no=<optimized out>) at t38_core.c:459
#2 0x00007fae50ea96c5 in generic_fax_exec (chan=chan@entry=0x7fadc4548c18, details=details@entry=0x7fad50602c28, reserved=reserved@entry=0x7fad50155478, token=<optimized out>) at res_fax.c:1498
#3 0x00007fae50eaea9e in receivefax_exec (chan=0x7fadc4548c18, data=<optimized out>) at res_fax.c:1932
#4 0x0000000000530fdd in pbx_exec (c=c@entry=0x7fadc4548c18, app=app@entry=0x2ddca60, data=data@entry=0x7fad838b6cd0 "/tmp/morpheus-1391681512.850.tiff") at pbx.c:1622
#5 0x000000000053656f in pbx_extension_helper (c=c@entry=0x7fadc4548c18, context=<optimized out>, exten=exten@entry=0x7fadc4549ab8 "0123489251", priority=priority@entry=6, label=label@entry=0x0, callerid=callerid@entry=0x7fadc44757b0 "0126413300", action=action@entry=E_SPAWN, found=found@entry=0x7fad838bad60, combined_find_spawn=combined_find_spawn@entry=1, con=0x0) at pbx.c:4922
#6 0x00000000005404a4 in ast_spawn_extension (found=0x7fad838bad60, callerid=0x7fadc44757b0 "0126413300", priority=6, exten=0x7fadc4549ab8 "0123489251", context=<optimized out>, c=0x7fadc4548c18, combined_find_spawn=<optimized out>) at pbx.c:6038
#7 __ast_pbx_run (c=c@entry=0x7fadc4548c18, args=args@entry=0x0) at pbx.c:6513
#8 0x0000000000541c0b in pbx_thread (data=data@entry=0x7fadc4548c18) at pbx.c:6843
#9 0x0000000000587c5a in dummy_start (data=<optimized out>) at utils.c:1162
#10 0x00007fae530f2f3a in start_thread (arg=0x7fad838bb700) at pthread_create.c:308
#11 0x00007fae54754dad in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Which, however, does NOT match the patch; however, the discussion on asterisk seems to imply that the visibility of the patch and the effect isn't in the same place.

Reproducible: Always
+*asterisk-11.7.0-r1 (06 Feb 2014) + + 06 Feb 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.7.0-r1.ebuild: + Stop blowing up the V21 tone detector in SpanDSP by sanitising the input data + properly. Patch by Michal Rybarik scavenged from an upstream bug report by + Jaco Kroon. Closes bug #500504.
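Review bot: the ChangeLog text attributes the crash to the V21 tone detector and ends with "Closes bug #500504", but the backtrace in that report stops in process_rx_data at t38_terminal.c:314, and the reporter states both that it does not match the patch and that a test was still needed to confirm the fix. Before the bug is closed on this entry, it would be worth recording in the bug whether the reporter's reproduction (stated as "Reproducible: Always") no longer crashes with -r1. The entry also credits the patch author without saying which upstream attachment was taken; naming it (the report cites spandsp_g711decode.diff) would let a later reader trace the change back to its source.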