[asterisk-bugs] [Asterisk 0014472]: asterisk segfault in AST_LIST_TRAVERSE_SAFE_BEGIN

Asterisk Bug Tracker noreply at bugs.digium.com
Thu Feb 12 19:31:06 CST 2009


The following issue requires your FEEDBACK. 
====================================================================== 
http://bugs.digium.com/view.php?id=14472 
====================================================================== 
Reported By:                yxbstorm
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   14472
Category:                   Core/General
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     feedback
Asterisk Version:           1.4.23 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2009-02-12 19:06 CST
Last Modified:              2009-02-12 19:31 CST
====================================================================== 
Summary:                    asterisk segfault in AST_LIST_TRAVERSE_SAFE_BEGIN
Description: 
Bt full attached.
Core was generated by `/usr/sbin/asterisk -f -U asterisk -G asterisk -vvvg -c'.
Program terminated with signal 11, Segmentation fault.
#0  0x080f712f in ast_sched_del (con=0x9a02c00, id=1308395) at sched.c:267
267             AST_LIST_TRAVERSE_SAFE_BEGIN(&con->schedq, s, list) {
(gdb) bt full
#0  0x080f712f in ast_sched_del (con=0x9a02c00, id=1308395) at sched.c:267
        __list_next = (struct sched *) 0x63746e75
        __list_prev = (struct sched *) 0xb7e08ef0
        __new_prev = (struct sched *) 0x63746e75
        s = (struct sched *) 0x63746e75
        __PRETTY_FUNCTION__ = "ast_sched_del"
#1  0x00be3053 in parse_register_contact (pvt=0x9b50b90, peer=0x9a48c58, req=0xba0050) at chan_sip.c:8476
        _count = 0
        _sched_res = -1
        contact =
"<sip:82810\000172.172.172.122\0005060\000\000s?\000\000\000\000\000\000\000\000??\000\000\000\000f71a025ffa294d16f189f5d9b414269d",
'\0' <repeats 224 times>, "f3d271eb24e11e40f72246fcfedc1f3b", '\0' <repeats
124 times>,
"qS-\000\000\000\000\000\000\000\000\000ld-\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000??000X\214?t??t??
        data = "6b93", '\0' <repeats 224 times>,
"REGISTER:sip:172.172.172.2", '\0' <repeats 257 times>
        expires = 0xba045d "60"
        expiry = 60
        curi = 0xb9f9b9 "82810"
        n = 0xb9f9bf "172.172.172.122"
        pt = 0xb9f9cf "5060"
        port = 5060
        useragent = 0x9a02c00 "\001"
        hp = (struct hostent *) 0xb9f394
        ahp = {hp = {h_name = 0x0, h_aliases = 0x0, h_addrtype = 2,
h_length = 0, h_addr_list = 0xb9f3a8}, 
  buf = "??000??", '\0' <repeats 1015 times>}
        oldsin = {sin_family = 2, sin_port = 50195, sin_addr = {s_addr =
2058136748}, sin_zero = "\000\000\000\000\000\000\000"}
        testsin = {sin_family = 0, sin_port = 0, sin_addr = {s_addr =
2058136748}, sin_zero = "\000\000\000\000\000\000\000"}
        __PRETTY_FUNCTION__ = "parse_register_contact"
#2  0x00be4f55 in register_verify (p=0x9b50b90, sin=0xba0040, req=0xba0050, uri=0xba0275 "sip:172.172.172.2") at chan_sip.c:8977
        res = AUTH_SUCCESSFUL
        peer = (struct sip_peer *) 0x9a48c58
        tmp =
"<sip:82810\000172.172.172.2\000\000?000\000\000\000\000\004?\000\000\000\000\000\000\000\000\000?B\000\000\000\000\000\000\000\000\000m?\000,?\000\230\r?t\227\016?tL?\000?B\000,?\000\230\r?t\030?\000?2154\000,?\000\217/?000L?\000\230\r?t\000\000\000\000??000?\000\000\000\001\200?\230\r?t\230\r?t\230\r?t\230\r?t?r?t\227\016?t\230\r?t\227\016?t",
'\0' <repeats 20 times>, "S\231?, '\0' <repeats 17 times>,
"W\003?000`\003?000R\003?000R\003?000\000"...
        name = 0xb9fcb5 "82810"
        c = 0x0
        t = 0xba0286 ""
        domain = 0xb9fcbb "172.172.172.2"
        __PRETTY_FUNCTION__ = "register_verify"
#3  0x00c06dc9 in handle_request_register (p=0x9b50b90, req=0xba0050, sin=0xba0040, e=0xba0275 "sip:172.172.172.2") at chan_sip.c:15839
        reason = 0xb9fe4c "u\002?
        res = 12726159
        __PRETTY_FUNCTION__ = "handle_request_register"
#4  0x00c07cce in handle_request (p=0x9b50b90, req=0xba0050, sin=0xba0040, recount=0xba0034, nounlock=0xba0038) at chan_sip.c:16068
        cmd = 0xba026c "REGISTER"
        cseq = 0xba0352 "32220 REGISTER"
        useragent = 0xba044c "SIP UA"
        seqno = 32220
        len = 5

====================================================================== 

---------------------------------------------------------------------- 
 (0100078) putnopvut (administrator) - 2009-02-12 19:31
 http://bugs.digium.com/view.php?id=14472#c100078 
---------------------------------------------------------------------- 
First off, it appears that you are not actually using 1.4.23, since line
8476 of chan_sip.c is not a call to ast_sched_del or AST_SCHED_DEL. I'm
assuming you are actually using an SVN checkout of the 1.4 branch. What
revision are you using? Are any custom patches applied?

In addition, this sort of problem is indicative of memory corruption.
Could you reproduce this problem while running Asterisk under Valgrind?
Please see doc/valgrind.txt for details. Thanks! 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-02-12 19:31 putnopvut      Note Added: 0100078                          
2009-02-12 19:31 putnopvut      Status                   new => feedback     
======================================================================
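
Added example, not part of the original report or of the Asterisk project: a triage helper for the "bt full" output above that flags pointer locals whose in-memory bytes are all printable ASCII, a common first check when memory corruption is suspected. It assumes a little-endian target with 4-byte pointers (the addresses in the trace are 32-bit); the function names are hypothetical and the sample text is copied from frame #0.

```python
import re

# Sample input: the locals of frame #0 as they appear in the "bt full" above.
SAMPLE_BT = """\
        __list_next = (struct sched *) 0x63746e75
        __list_prev = (struct sched *) 0xb7e08ef0
        __new_prev = (struct sched *) 0x63746e75
        s = (struct sched *) 0x63746e75
"""

# Matches gdb lines of the form:  name = (type *) 0xADDRESS
PTR_LOCAL = re.compile(
    r"^[ \t]*(\w+) = \((?:struct )?[\w ]+\*\) (0x[0-9a-fA-F]+)[ \t]*$", re.M
)


def pointer_as_text(value, width=4):
    """Return the pointer's in-memory bytes as text if every byte is
    printable ASCII, else None. Assumes a little-endian target with
    `width`-byte pointers (an assumption, 32-bit x86 here)."""
    if value >= 1 << (8 * width):
        return None
    raw = value.to_bytes(width, "little")
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def suspicious_pointers(bt_text, width=4):
    """Map local-variable name -> decoded text for every pointer local
    whose value looks like character data rather than an address."""
    hits = {}
    for name, hexval in PTR_LOCAL.findall(bt_text):
        text = pointer_as_text(int(hexval, 16), width)
        if text is not None:
            hits[name] = text
    return hits


if __name__ == "__main__":
    for name, text in suspicious_pointers(SAMPLE_BT).items():
        print(f"{name}: bytes spell {text!r}, looks like string data")
```

A hit is only a hint that character data was written over the list node; locating the write that did it still needs a run under Valgrind, as requested in the note above.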



