[asterisk-bugs] [JIRA] (ASTERISK-24498) Segmentation fault on attended transfer

Matt Jordan (JIRA) noreply at issues.asterisk.org
Wed Nov 5 09:52:29 CST 2014


    [ https://issues.asterisk.org/jira/browse/ASTERISK-24498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=223295#comment-223295 ] 

Matt Jordan commented on ASTERISK-24498:
----------------------------------------

Well, that's a bit odd. Somehow the RTCP payload looks to be 'bad', and when {{res_hep_rtcp}} went to decode it things went upside down:

{noformat}
#0  0x000000000058e51b in rtcp_report_to_json (msg=0x7fa410002658, sanitize=0x0) at rtp_engine.c:1913
1913			snprintf(str_lsr, sizeof(str_lsr), "%u", payload->report->report_block[i]->lsr);
#0  0x000000000058e51b in rtcp_report_to_json (msg=0x7fa410002658, sanitize=0x0) at rtp_engine.c:1913
        json_report_block = 0x7fa400006128
        str_lsr = "0\000蹣\177\000\000\024\270]1\377\177\000\000\260*蹣\177\000\000\000\000\000\000\000\000\000"
        payload = 0x7fa410002468
        json_rtcp_report = 0x0
        json_rtcp_report_blocks = 0x7fa400002a68
        json_rtcp_sender_info = 0x0
        json_channel = 0x0
        i = 1
{noformat}

I'm wondering what {{payload}} actually is at this point.

In the core file, can you use {{gdb}} to print the following:
{noformat}
# frame 0
# print *payload
# print payload->report
# print payload->report->report_block[0]
{noformat}

> Segmentation fault on attended transfer
> ---------------------------------------
>
>                 Key: ASTERISK-24498
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24498
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>    Affects Versions: 13.0.0
>         Environment: Asterisk 13.0.0 on CentOS 6.5 
> extension 601 - SNOM 710
> extension 602 - yealink T46
> extension 603 - Jitsi
>            Reporter: Beppo mazzucato
>         Attachments: backtrace.txt, log.txt
>
>
> Asterisk crash trying to perform an attended transfer 
> ext 602 call ext 601
> ext 601 put the call on hold
> ext 601 call extension 603
> when ext 603 answers asterisk crashes
> Unattended transfer works properly
> If the attended transfer is made by the yealink phone (in other words exchanging the roles of ext 601 and ext 602 above) it works properly
> Same scenario doesn't crash with asterisk 11.13.1
> I'm attaching log and backtrace



--
This message was sent by Atlassian JIRA
(v6.2#6252)


