[asterisk-bugs] [JIRA] (ASTERISK-22805) res_rtp_asterisk: Crash when calling BIO_ctrl_pending in dtls_srtp_check_pending when dialed by JSSIP

Dmitry Burilov (JIRA) noreply at issues.asterisk.org
Wed Nov 6 08:36:03 CST 2013


     [ https://issues.asterisk.org/jira/browse/ASTERISK-22805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dmitry Burilov updated ASTERISK-22805:
--------------------------------------

    Description: 
Dialing from Chrome 30.0.1599.101m via a jssip application crashes Asterisk 11.

-----------gdb output ----------------
Core was generated by `/usr/sbin/asterisk -f -vvvg -c'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f1353750875 in BIO_ctrl (b=0x7f132403bd80, cmd=10, larg=0, parg=0x0) at bio_lib.c:367
367			((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0))
----------------------------
----------- and ------------
#0  BIO_ctrl (b=0x7f824404ec30, cmd=10, larg=0, parg=0x0) at bio_lib.c:370
370		ret=b->method->ctrl(b,cmd,larg,parg);
(gdb) frame 1
#1  0x00007f82d3ac3702 in dtls_srtp_check_pending (instance=0x7f824403e158, rtp=0x7f8244043360) at res_rtp_asterisk.c:1258
1258		size_t pending = BIO_ctrl_pending(rtp->write_bio);
(gdb) info frame 1
Stack frame at 0x7f82cc914dd0:
 rip = 0x7f82d3ac3702 in dtls_srtp_check_pending (res_rtp_asterisk.c:1258); saved rip 0x7f82d3ac40e6
 called by frame at 0x7f82cc914f20, caller of frame at 0x7f82cc914cd0
 source language c.
 Arglist at 0x7f82cc914dc0, args: instance=0x7f824403e158, rtp=0x7f8244043360
 Locals at 0x7f82cc914dc0, Previous frame's sp is 0x7f82cc914dd0
 Saved registers:
  rbx at 0x7f82cc914db0, rbp at 0x7f82cc914dc0, r12 at 0x7f82cc914db8, rip at 0x7f82cc914dc8
----------------------------

  was:
Dialing from Chrome 30.0.1599.101m via a jssip application crashes Asterisk 11.

-----------gdb output ----------------
Core was generated by `/usr/sbin/asterisk -f -vvvg -c'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f1353750875 in BIO_ctrl (b=0x7f132403bd80, cmd=10, larg=0, parg=0x0) at bio_lib.c:367
367			((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0))
(gdb) q
----------------------------

    
> res_rtp_asterisk: Crash when calling BIO_ctrl_pending in dtls_srtp_check_pending when dialed by JSSIP 
> ------------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-22805
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22805
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/General, Resources/res_rtp_asterisk
>    Affects Versions: 11.5.1, 11.6.0, 11.7.0
>         Environment: Linux 2.6.32-358.18.1.el6.x86_64, OpenSSL 1.0.1e-fips 11 Feb 2013, srtp 1.4.4
>            Reporter: Dmitry Burilov
>            Assignee: Dmitry Burilov
>            Severity: Critical
>         Attachments: backtrace2.txt, backtrace.txt, coredump.tar.bz2, sip.conf
>
>
> Dialing from Chrome 30.0.1599.101m via a jssip application crashes Asterisk 11.
> -----------gdb output ----------------
> Core was generated by `/usr/sbin/asterisk -f -vvvg -c'.
> Program terminated with signal 11, Segmentation fault.
> #0  0x00007f1353750875 in BIO_ctrl (b=0x7f132403bd80, cmd=10, larg=0, parg=0x0) at bio_lib.c:367
> 367			((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0))
> ----------------------------
> ----------- and ------------
> #0  BIO_ctrl (b=0x7f824404ec30, cmd=10, larg=0, parg=0x0) at bio_lib.c:370
> 370		ret=b->method->ctrl(b,cmd,larg,parg);
> (gdb) frame 1
> #1  0x00007f82d3ac3702 in dtls_srtp_check_pending (instance=0x7f824403e158, rtp=0x7f8244043360) at res_rtp_asterisk.c:1258
> 1258		size_t pending = BIO_ctrl_pending(rtp->write_bio);
> (gdb) info frame 1
> Stack frame at 0x7f82cc914dd0:
>  rip = 0x7f82d3ac3702 in dtls_srtp_check_pending (res_rtp_asterisk.c:1258); saved rip 0x7f82d3ac40e6
>  called by frame at 0x7f82cc914f20, caller of frame at 0x7f82cc914cd0
>  source language c.
>  Arglist at 0x7f82cc914dc0, args: instance=0x7f824403e158, rtp=0x7f8244043360
>  Locals at 0x7f82cc914dc0, Previous frame's sp is 0x7f82cc914dd0
>  Saved registers:
>   rbx at 0x7f82cc914db0, rbp at 0x7f82cc914dc0, r12 at 0x7f82cc914db8, rip at 0x7f82cc914dc8
> ----------------------------
