[asterisk-bugs] [JIRA] (ASTERISK-21806) Segfault in CHAN_SIP - in _int_malloc while in __ast_cc_config_params_init

Walter Doekes (JIRA) noreply at issues.asterisk.org
Thu Jul 4 10:05:03 CDT 2013


    [ https://issues.asterisk.org/jira/browse/ASTERISK-21806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=207693#comment-207693 ] 

Walter Doekes commented on ASTERISK-21806:
------------------------------------------

> Is that length out-of-bounds per the SIP RFC or out-of-bounds per Asterisk?
> If it is out of bounds per the SIP RFC I'll go to the manufacturer and report
> a bug in the device. If it is still within SIP RFC spec but out of bounds
> for Asterisk, they won't touch it.

You could debate about that.

Right now I don't even know what size SIP packets are being sent. That Call-ID you have there is 4762 bytes. The From-tag probably is equally big.

I can tell you that:
(A) The RFC says that packets larger than 1300 bytes SHOULD get sent over TCP.
(B) Those sizes you see there are really unusual.

And, since the stack sizes in Asterisk are small, I could see NOTIFY XML bodies getting overflowed when trying to add those tags and Call-IDs. Just a theory.

> Segfault in CHAN_SIP - in _int_malloc while in __ast_cc_config_params_init
> --------------------------------------------------------------------------
>
>                 Key: ASTERISK-21806
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-21806
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/General
>    Affects Versions: 1.8.15.0
>         Environment: CPU: Atom D525, RAM 4GB, Fedora Linux, Kernel 2.6.43.8-1.i686
> 2 Aastra endpoints, 1 Polycom IP-650, 1 96 port SIP to analog gateway
> Asterisk 1.8.15-cert2
>            Reporter: Christopher
>            Assignee: Rusty Newton
>         Attachments: backtrace-0703-1958.txt, core-dump-maxx-052213.txt, sip-2013-07-03--19-57-00.pcap, valgrind-052213-1530.txt, valgrind-0523-1545-no-malloc.txt, valgrind-good-052213-1930.txt
>
>
> Segfault occurs whether system is idle or is in use. It will crash within a day or two even if 0 calls are made on it. Running under safe_asterisk results in multiple crashes within a few minutes until eventually the system ends up in a MUTEX lock. Over 3 gigs of RAM available and plenty of disk space at time of first crash. Possibly related to the 96 port gateway producing 96 SIP registrations all at once?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
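
The sizes discussed in the comment above (a 4762-byte Call-ID, a From tag of similar size, the 1300-byte packet figure) can be checked before a message reaches code that copies those fields into fixed-size buffers. This is an added example, not Asterisk code and not part of the original message; `MAX_ID_LEN`, the function names and the sample NOTIFY are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define UDP_SIZE_HINT 1300 /* packet size figure quoted in the comment */
#define MAX_ID_LEN    256  /* assumed local policy, not an RFC or Asterisk limit */
enum { BIG_PACKET = 1, BIG_CALLID = 2, BIG_FROMTAG = 4 };

/* Length of header `name`'s value (headers only); *val is NULL when it is absent. */
static size_t header_value(const char *msg, const char *name, const char **val)
{
    size_t nlen = strlen(name);
    *val = NULL;
    for (const char *line = msg; *line && *line != '\r' && *line != '\n'; ) {
        if (strncasecmp(line, name, nlen) == 0) {
            *val = line + nlen + strspn(line + nlen, " \t");
            return strcspn(*val, "\r\n");
        }
        line += strcspn(line, "\n");   /* advance to the end of this line */
        if (*line) line++;             /* step over '\n' to the next line */
    }
    return 0;
}

/* Bitmask of size findings for one NUL-terminated SIP message (long-form headers). */
unsigned sip_size_audit(const char *msg)
{
    unsigned flags = strlen(msg) > UDP_SIZE_HINT ? BIG_PACKET : 0;
    const char *val;
    if (header_value(msg, "Call-ID:", &val) > MAX_ID_LEN) flags |= BIG_CALLID;
    size_t len = header_value(msg, "From:", &val);
    /* look for ";tag=" inside the From value only, never past its line end */
    for (size_t i = 0; val && i + 5 <= len; i++)
        if (strncasecmp(val + i, ";tag=", 5) == 0) {
            if (strcspn(val + i + 5, ";\r\n") > MAX_ID_LEN) flags |= BIG_FROMTAG;
            break;
        }
    return flags;
}

/* Constructed sample: a NOTIFY whose Call-ID and From tag are id_len bytes
 * (id_len up to 8000 fits the buffer; snprintf truncates beyond that). */
unsigned audit_sample(int id_len)
{
    static char msg[16384];
    snprintf(msg, sizeof msg, "NOTIFY sip:100@192.0.2.10 SIP/2.0\r\n"
             "From: <sip:200@192.0.2.20>;tag=%0*d\r\nCall-ID: %0*d\r\n"
             "Content-Length: 0\r\n\r\n", id_len, 0, id_len, 0);
    return sip_size_audit(msg);
}
```

Compact header forms (`i:`, `f:`) and folded header lines are not handled here; a production check would normalise those first.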


