Under extremely weird cases removal of an extension can cause the trie that maps strings to extension structures to reference freed memory. The case I picked up on is where I have multiple iax/2 (will apply to SIP too) peers where one peer's name is a prefix for another, if the shorter name then goes away and gets removed as per regcontext in iax.conf or sip.conf memory corruption occurs, and if you're very lucky you don't crash. Reproducible: Always
Created attachment 280027 [details, diff] ast-1.8.5.0-pbx_exten_honor_findonly.patch The patch I also submitted upstream that I can confirm fixes the problem (as per valgrind test). Thanks Tony.
+*asterisk-1.8.5.0-r2 (14 Jul 2011) + + 14 Jul 2011; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.5.0-r1.ebuild, + +asterisk-1.8.5.0-r2.ebuild: + An intermittent explosion due to memory corruption was identified and patched + by Jaco Kroon, closes bug #375141. Old ebuild killed.