[asterisk-bugs] [JIRA] (ASTERISK-24925) Crash within pjprojects(libpjnath) pj_stun_session_on_rx_pkt

Dade Brandon (JIRA) noreply at issues.asterisk.org
Fri Apr 24 21:26:32 CDT 2015 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-24925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=226008#comment-226008 ] 

Dade Brandon commented on ASTERISK-24925:
-----------------------------------------

I'm getting this same crash in 11.17.1;  I haven't had the chance to get this crash with debug symbols enabled in pjproject, but wanted to me too this. 

I don't think it's a problem in pjproject

Based on reviewing sess->cached_response_list and the pjproject list management inlines, t should never be null on that line, unless that list was not already initialized, however your backtrace clearly shows it as null.  My gut feeling is that asterisk is sending two stun packets through this code path, from different threads, before pj_stun_session_create has a chance to run pj_list_init(&sess->cached_response_list) in the first thread.

Validating t != &sess->cached_response_list on the line you reference, aside from being outside of the scope of this jira, would be more likely just defer the crash, in to pj_stun_session_destroy at the latest.

I guess whether this is an asterisk issue or pjproject issue would more likely come down to whether or not pjproject has documented that per-comp RTP read callbacks are not thread safe.

I won't be the one fixing this unfortunately, i'm not experienced enough with multithreaded development to resolve this confidently.

> Crash within pjprojects(libpjnath) pj_stun_session_on_rx_pkt
> ------------------------------------------------------------
>
>                 Key: ASTERISK-24925
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24925
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_pjsip, pjproject/pjsip
>    Affects Versions: 13.1.0
>         Environment: pjprojects version 2.2, asterisk version 13.1.0, OS is 64 bit fedora 20.
>            Reporter: Stefan Engström
>            Assignee: Rusty Newton
>         Attachments: crash-coredump-with-debuginfo-toupload, webrtcstundebug.pdf, wiresharksnapshotstunburst.PNG
>
>
> Not yet reproducable. The use-case is a dial to a webrtc-peer, that is a chan_sip peer with transport wss and icesupport=yes.
> Will try to debug this issue myself first, and add more data  continuously.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list