[asterisk-bugs] [JIRA] (ASTERISK-22896) pjsip inbound registration nominal test: Crash during memcpy in pjsip_print_msg

Matt Jordan (JIRA) noreply at issues.asterisk.org
Fri Nov 22 11:24:09 CST 2013


Matt Jordan created ASTERISK-22896:
--------------------------------------

             Summary: pjsip inbound registration nominal test: Crash during memcpy in pjsip_print_msg
                 Key: ASTERISK-22896
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22896
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Resources/res_pjsip_registrar, Tests/testsuite
    Affects Versions: 12.0.0-beta1
            Reporter: Matt Jordan


A crash occurred down in pjsip during a memcpy:

{noformat}
Core was generated by `/usr/sbin/asterisk -f -g -q -m -n -C /tmp/asterisk-testsuite/cda50392748533a56d'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000003b74a8983e in memcpy () from /lib64/libc.so.6
#0  0x0000003b74a8983e in memcpy () from /lib64/libc.so.6
No symbol table info available.
#1  0x0000003688612683 in pjsip_msg_print () from /usr/lib64/libpjsip.so.2
No symbol table info available.
#2  0x000000368862115a in pjsip_tx_data_encode () from /usr/lib64/libpjsip.so.2
No symbol table info available.
#3  0x0000003688619ac7 in endpt_on_tx_msg () from /usr/lib64/libpjsip.so.2
No symbol table info available.
#4  0x000000368862164e in pjsip_transport_send () from /usr/lib64/libpjsip.so.2
No symbol table info available.
#5  0x000000368861af98 in pjsip_endpt_send_response () from /usr/lib64/libpjsip.so.2
No symbol table info available.
#6  0x00007f34daa40f9c in rx_task (data=0x7f35200025a8) at res_pjsip_registrar.c:462
        task_data = 0x7f35200025a8
        contacts = 0x7f352000c850
        added = 2
        updated = <value optimized out>
        deleted = 44759904
        contact_hdr = <value optimized out>
        details = {pool = 0x7f3520004990, uri = 0x7f3520004280}
        tdata = 0x7f352000d828
        addr = {transport = 0x15a9dd8, addr = {addr = {sa_family = 10}, ipv4 = {sin_family = 10, sin_port = 50451, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, ipv6 = {sin6_family = 10, sin6_port = 50451, sin6_flowinfo = 0, sin6_addr = {s6_addr = '\000' <repeats 15 times>, "\001", u6_addr32 = {0, 0, 0, 16777216}}, sin6_scope_id = 0}}, addr_len = 28, dst_host = {flag = 4, type = PJSIP_TRANSPORT_UDP6, addr = {host = {ptr = 0x7f352000e750 "::1", slen = 3}, port = 5061}}}
        aor_name = 0xf3f1b0 "charlie"
        __PRETTY_FUNCTION__ = "rx_task"
#7  0x00000000006f392b in ast_taskprocessor_execute (tps=0x7f3520002108) at taskprocessor.c:766
        local = {local_data = 0x1017d60, data = 0x81bd1a}
        t = 0x7f35200045b0
        size = 0
        __PRETTY_FUNCTION__ = "ast_taskprocessor_execute"
#8  0x000000000070451e in execute_tasks (data=0x7f3520002108) at threadpool.c:1152
        tps = 0x7f3520002108
#9  0x00000000006f392b in ast_taskprocessor_execute (tps=0x1017db8) at taskprocessor.c:766
        local = {local_data = 0x7f3502aafcb0, data = 0x704145}
        t = 0x7f3520004670
        size = 0
        __PRETTY_FUNCTION__ = "ast_taskprocessor_execute"
#10 0x0000000000701a99 in threadpool_execute (pool=0x12614d8) at threadpool.c:351
        __PRETTY_FUNCTION__ = "threadpool_execute"
#11 0x0000000000703ff5 in worker_active (worker=0x7f351c002318) at threadpool.c:1072
        alive = 1
#12 0x0000000000703c40 in worker_start (arg=0x7f351c002318) at threadpool.c:992
        worker = 0x7f351c002318
        __PRETTY_FUNCTION__ = "worker_start"
#13 0x0000000000716776 in dummy_start (data=0x7f351c002560) at utils.c:1169
        __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {0, -3789618721776692669, 139866752264800, 139865654757824, 0, 3, -3789618721801858493, 3819778638307299907}, __mask_was_saved = 0}}, __pad = {0x7f3502aafe50, 0x0, 0x0, 0x0}}
        __cancel_routine = 0x46116f <ast_unregister_thread>
        __cancel_arg = 0x7f3502ab0700
        not_first_call = 0
        ret = 0x0
        a = {start_routine = 0x703b50 <worker_start>, data = 0x7f351c002318, name = 0x7f351c002620 "worker_start         started at [ 1046] threadpool.c worker_thread_start()"}
        __PRETTY_FUNCTION__ = "dummy_start"
#14 0x0000003b74e07851 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#15 0x0000003b74ae890d in clone () from /lib64/libc.so.6
No symbol table info available.
{noformat}

Full backtrace and logs attached.
