[asterisk-bugs] [Asterisk 0012098]: Segmentation fault in chan_sip.c

noreply at bugs.digium.com noreply at bugs.digium.com
Tue Mar 11 19:05:26 CDT 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=12098 
====================================================================== 
Reported By:                wegbert
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   12098
Category:                   Channels/chan_sip/General
Reproducibility:            have not tried
Severity:                   crash
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  1.4  
SVN Revision (number only!): 104334 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             02-28-2008 09:50 CST
Last Modified:              03-11-2008 19:05 CDT
====================================================================== 
Summary:                    Segmentation fault in chan_sip.c
Description: 
Using svn version from yesterday (svn download reported revision 104534,
'show version' on cli reports 'SVN-branch-1.4-r104334'), asterisk crashed
with a segmentation fault:

Program terminated with signal 11, Segmentation fault.
0 0xb7509bfe in __ast_pthread_mutex_lock (filename=0xb755bdf4
"chan_sip.c", lineno=1900, func=0xb755c318 "retrans_pkt", 
    mutex_name=0xb755c324 "&pkt->owner->lock", t=0x0) at
/usr/src/asterisk-1.4/include/asterisk/lock.h:302
302 int canlog = strcmp(filename, "logger.c") & t->track;

====================================================================== 

---------------------------------------------------------------------- 
 putnopvut - 03-11-08 19:05  
---------------------------------------------------------------------- 
I love valgrind :)

So here's what's happening: Apparently, the scheduler has a packet in it
that is queued for retransmission, but the packet has already been freed by
chan_sip. When it comes time for the scheduler to act on the packet, it is
reading from and writing to freed memory.

I suspect that if you had debugging turned on on your console, you'd
probably be seeing a message that says:

"Unable to cancel schedule ID x. This is probably a bug."

Right now I suspect that this is happening due to a race condition. I'll
look further into this soon to see what the appropriate fix is. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
03-11-08 19:05  putnopvut      Note Added: 0083789                          
======================================================================
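
Added example, not part of the original bug note and not Asterisk code: a single-threaded toy scheduler (all names hypothetical) showing the teardown order that avoids the condition described in the note, where a queued retransmission still points at a freed packet. In a threaded program the cancel and the callback would also have to be serialized under one lock.

```c
#include <stdlib.h>
#define MAX_SCHED 8
struct pkt { int retransid; int retries; };       /* hypothetical packet */
struct entry { int in_use; int (*cb)(void *); void *data; };
static struct entry sched[MAX_SCHED];              /* toy scheduler table */

/* Queue a callback; returns a schedule ID, or -1 if the table is full. */
int sched_add(int (*cb)(void *), void *data) {
    for (int i = 0; i < MAX_SCHED; i++)
        if (!sched[i].in_use) {
            sched[i] = (struct entry){1, cb, data};
            return i;
        }
    return -1;
}
/* Cancel by ID; returns 0 on success, -1 if that ID is not queued. */
int sched_del(int id) {
    if (id < 0 || id >= MAX_SCHED || !sched[id].in_use) return -1;
    sched[id].in_use = 0;
    return 0;
}
/* Fire every queued entry once; returns how many callbacks ran. */
int sched_run(void) {
    int fired = 0;
    for (int i = 0; i < MAX_SCHED; i++)
        if (sched[i].in_use) {
            sched[i].in_use = 0;
            sched[i].cb(sched[i].data);    /* dereferences the stored pointer */
            fired++;
        }
    return fired;
}
int retrans_cb(void *data) {
    struct pkt *p = data;
    p->retransid = -1;                     /* entry consumed, nothing to cancel */
    return ++p->retries;
}
struct pkt *pkt_new(void) {
    struct pkt *p = calloc(1, sizeof(*p));
    if (p) p->retransid = sched_add(retrans_cb, p);
    return p;
}
/* Cancel the pending entry, then free: 1 = cancelled, 0 = none was queued. */
int pkt_destroy(struct pkt *p) {
    if (!p) return 0;
    int cancelled = p->retransid >= 0 && sched_del(p->retransid) == 0;
    free(p);
    return cancelled;
}
int main(void) { return pkt_destroy(pkt_new()) == 1 && sched_run() == 0 ? 0 : 1; }
```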



