[asterisk-bugs] [Asterisk 0012346]: null pointer in chan_skinny when 'regcontext' used

noreply at bugs.digium.com noreply at bugs.digium.com
Thu Apr 10 05:09:32 CDT 2008 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=12346 
====================================================================== 
Reported By:                candlerb
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   12346
Category:                   Channels/chan_skinny
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     feedback
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.0 
SVN Revision (number only!): 111962 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             04-01-2008 03:57 CDT
Last Modified:              04-10-2008 05:09 CDT
====================================================================== 
Summary:                    null pointer in chan_skinny when 'regcontext' used
Description: 
Uncomment the 'regcontext' example line from skinny.conf, wait for a Cisco
phone to connect, and Asterisk dumps core.

GDB output:

...
[New Thread -1215501408 (LWP 12516)]
    -- Starting Skinny session from 10.69.255.249
    -- Added extension '110' priority 1 to skinnyregistrations

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1215501408 (LWP 12516)]
ast_add_extension2 (con=0x86d1a88, replace=1, extension=0xb78ce1c0 "110",
    priority=Variable "priority" is not available.
) at pbx.c:6056
6056                            if (x->exten) { /* this test for safety
purposes */
(gdb) bt
http://bugs.digium.com/view.php?id=0  ast_add_extension2 (con=0x86d1a88,
replace=1, extension=0xb78ce1c0
"110",
    priority=Variable "priority" is not available.
) at pbx.c:6056
http://bugs.digium.com/view.php?id=1  0x080e4f71 in ast_add_extension
(context=0x363840
"skinnyregistrations",
    replace=141620640, extension=0x870f5a0 "??p\b", priority=141620640,
    label=0x870f5a0 "??p\b", callerid=0x870f5a0 "??p\b",
    application=0x870f5a0 "??p\b", data=0x870f5a0, datad=0x870f5a0,
    registrar=0x870f5a0 "??p\b") at pbx.c:5859
http://bugs.digium.com/view.php?id=2  0x00359a6f in handle_message
(req=0x870f180, s=0x870e600)
    at
/home/candlerb/svn/asterisk/branches/1.6.0/include/asterisk/utils.h:502
http://bugs.digium.com/view.php?id=3  0x0035b88f in skinny_session
(data=0x870e600) at chan_skinny.c:5585
http://bugs.digium.com/view.php?id=4  0x08122445 in dummy_start (data=0x86d1a88)
at utils.c:870
http://bugs.digium.com/view.php?id=5  0x005793cc in start_thread () from
/lib/tls/libpthread.so.0
http://bugs.digium.com/view.php?id=6  0x004d21ae in clone () from
/lib/tls/libc.so.6
(gdb) print x
$1 = (struct match_char *) 0x0

I wondered if this was perhaps because I had no [skinnyregistrations]
section in extensions.conf, but I added one and it made no difference.

====================================================================== 

---------------------------------------------------------------------- 
 candlerb - 04-10-08 05:09  
---------------------------------------------------------------------- 
Sorry, I have been away for a few days.

To ensure I'm up to date, I have cleanly rebuilt asterisk/branches/1.6.0
(svn update; make distclean; ./configure --enable-dev-mode; make
menuselect; make; sudo make install)

PROBLEM 1: crash in pbx.c:6209

With keepalive=120, and regcontext enabled in skinny.conf, I can cause a
crash as before (by starting asterisk, waiting for the phone to register,
unplugging and replugging the phone)

With keepalive=30, I cannot crash it in this way. It takes 48 seconds from
plugging in the phone until it re-registers. A possibility, therefore, is
that the crash occurs when a phone re-registers while it is already
registered.

PROBLEM 2: "transmit to a non-existant [sic] session"

This was more difficult to replicate anyway, as it involved leaving the
phone for an extended period of time and then trying to make a call later.

A quick attempt to replicate with keepalive=30 and regcontext enabled
failed (I left the phone for about half an hour, and it made a call
successfully)

I have tried setting keepalive back to 120, commenting out regcontext to
prevent the crash, and will let you know if I can replicate it this way
again.

Note that the initially reported crash (problem 1) remains entirely
reproducible. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
04-10-08 05:09  candlerb       Note Added: 0085271                          
======================================================================

More information about the asterisk-bugs mailing list