[asterisk-bugs] [Asterisk 0017497]: [patch] [regression] Segmentation fault in scheduled event
Asterisk Bug Tracker
noreply at bugs.digium.com
Fri Aug 6 16:34:38 CDT 2010
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=17497
======================================================================
Reported By: anonymouz666
Assigned To: dvossel
======================================================================
Project: Asterisk
Issue ID: 17497
Category: Channels/chan_sip/General
Reproducibility: unable to reproduce
Severity: crash
Priority: normal
Status: assigned
Target Version: 1.6.2.12
Asterisk Version: SVN
JIRA: SWP-1703
Regression: Yes
Reviewboard Link: https://reviewboard.asterisk.org/r/315/
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2010-06-10 13:27 CDT
Last Modified: 2010-08-06 16:34 CDT
======================================================================
Summary: [patch] [regression] Segmentation fault in scheduled
event
Description:
(gdb) bt
https://issues.asterisk.org/view.php?id=0 0x0071a76d in strncasecmp () from
/lib/libc.so.6
https://issues.asterisk.org/view.php?id=1 0x008df159 in
send_provisional_keepalive_full (pvt=0xb54e0af0,
with_sdp=1) at chan_sip.c:2340
https://issues.asterisk.org/view.php?id=2 0x008df2a8 in
send_provisional_keepalive_with_sdp (data=0xb54e0af0) at
chan_sip.c:2365
https://issues.asterisk.org/view.php?id=3 0x080f6c5c in ast_sched_runq
(con=0x937f9b0) at sched.c:363
https://issues.asterisk.org/view.php?id=4 0x009244ec in do_monitor (data=0x0)
at chan_sip.c:17048
https://issues.asterisk.org/view.php?id=5 0x08106068 in dummy_start
(data=0x9381d48) at utils.c:856
https://issues.asterisk.org/view.php?id=6 0x007fc832 in start_thread () from
/lib/libpthread.so.0
https://issues.asterisk.org/view.php?id=7 0x0077ae0e in clone () from
/lib/libc.so.6
(gdb)
(gdb) bt full
https://issues.asterisk.org/view.php?id=0 0x0071a76d in strncasecmp () from
/lib/libc.so.6
No symbol table info available.
https://issues.asterisk.org/view.php?id=1 0x008df159 in
send_provisional_keepalive_full (pvt=0xb54e0af0,
with_sdp=1) at chan_sip.c:2340
msg = 0x0
https://issues.asterisk.org/view.php?id=2 0x008df2a8 in
send_provisional_keepalive_with_sdp (data=0xb54e0af0) at
chan_sip.c:2365
pvt = 0xb54e0af0
https://issues.asterisk.org/view.php?id=3 0x080f6c5c in ast_sched_runq
(con=0x937f9b0) at sched.c:363
current = 0xb6101948
tv = {tv_sec = 1276191797, tv_usec = 160228}
numevents = 0
res = -1216462136
https://issues.asterisk.org/view.php?id=4 0x009244ec in do_monitor (data=0x0)
at chan_sip.c:17048
res = 0
sip = 0x0
peer = 0x0
t = 1276191797
fastrestart = 0
lastpeernum = -1
curpeernum = 1
reloading = 0
__PRETTY_FUNCTION__ = "do_monitor"
https://issues.asterisk.org/view.php?id=5 0x08106068 in dummy_start
(data=0x9381d48) at utils.c:856
__cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {8437748,
0, -1216459888, -1216461896, -193775784, 1260196912}, __mask_was_saved =
0}},
__pad = {0xb77e4470, 0x0, 0x0, 0x0}}
__cancel_routine = 0x8067d05 <ast_unregister_thread>
__cancel_arg = 0xb77e4b90
not_first_call = 0
ret = 0x0
a = {start_routine = 0x923e7b <do_monitor>, data = 0x0,
name = 0x9381d58 "do_monitor", ' ' <repeats 11 times>, "started
at [17101] chan_sip.c restart_monitor()"}
https://issues.asterisk.org/view.php?id=6 0x007fc832 in start_thread () from
/lib/libpthread.so.0
No symbol table info available.
https://issues.asterisk.org/view.php?id=7 0x0077ae0e in clone () from
/lib/libc.so.6
No symbol table info available.
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
has duplicate 0017272 [patch] Segmentation fault in scheduled...
======================================================================
----------------------------------------------------------------------
(0125667) svnbot (reporter) - 2010-08-06 16:34
https://issues.asterisk.org/view.php?id=17497#c125667
----------------------------------------------------------------------
Repository: asterisk
Revision: 281185
U branches/1.4/channels/chan_sip.c
------------------------------------------------------------------------
r281185 | dvossel | 2010-08-06 16:34:36 -0500 (Fri, 06 Aug 2010) | 20
lines
chan_sip: fixes provisional keepalive scheduled item crash
There is a scheduler item in chan_sip that keeps sending the
last provisional message in response to an INVITE Request for
a period of time until a final response to that INVITE is
sent. Because of the way this scheduler item works, it requires
a reference to a sip_pvt pointer to work properly. The problem
with this is that it is currently possible (but rare) for the
sip_pvt to get destroyed and that scheduler item to still
exist. When this occurs, the scheduler event fires and attempts
to access a freed sip_pvt which causes a crash.
(closes issue https://issues.asterisk.org/view.php?id=17497)
Reported by: anonymouz666
Patches:
keepalive_diff_1.4_v2.diff uploaded by dvossel (license 671)
Review: https://reviewboard.asterisk.org/r/849/
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=281185
Issue History
Date Modified Username Field Change
======================================================================
2010-08-06 16:34 svnbot Checkin
2010-08-06 16:34 svnbot Note Added: 0125667
======================================================================
More information about the asterisk-bugs
mailing list