[asterisk-bugs] [JIRA] (ASTERISK-24707) Double free corruprion in PJSIP

Rusty Newton (JIRA) noreply at issues.asterisk.org
Fri Mar 6 15:27:36 CST 2015 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-24707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=225266#comment-225266 ] 

Rusty Newton commented on ASTERISK-24707:
-----------------------------------------

[~slavon] it has been a few weeks on this issue since we had a response. Can you provide the information Matt requested?

{quote}
If you'd like to use GCC ASAN to find the root cause of the corruption, that's fine. However, you'll need to provide that information, or else provide specific, step by step instructions, that allow someone other than you to analyze the problem.
{quote}

Also, consider https://wiki.asterisk.org/wiki/display/AST/MALLOC_DEBUG+Compiler+Flag as that may help.

> Double free corruprion in PJSIP
> -------------------------------
>
>                 Key: ASTERISK-24707
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24707
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>    Affects Versions: 11.15.0
>            Reporter: Badalian Vyacheslav
>            Assignee: Matt Jordan
>         Attachments: gdb_ast_abort.log
>
>
> {code}
> Thread 187 (Thread 0x7fff98986700 (LWP 48837)):
> #0  0x00000037c9e32625 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> #1  0x00000037c9e33e05 in abort () at abort.c:92
> #2  0x00000037c9e70537 in __libc_message (do_abort=2, fmt=0x37c9f58900 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
> #3  0x00000037c9e75e66 in malloc_printerr (action=3, str=0x37c9f58c70 "double free or corruption (out)", ptr=<value optimized out>) at malloc.c:6336
> #4  0x00000037c9e789b3 in _int_free (av=0x37ca18fe80, p=0x7ffeda472650, have_lock=0) at malloc.c:4832
> #5  0x00007fff9ac3d774 in default_block_free () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
> #6  0x00007fff9ac444b1 in pj_pool_destroy_int () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
> #7  0x00007fff9ac44cbb in cpool_release_pool () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
> #8  0x00007fff9ac43ea1 in pj_pool_release () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
> #9  0x00007fff9ac22b86 in destroy_tdata () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
> #10 0x00007fff9ac22ba9 in pj_stun_msg_destroy_tdata () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
> #11 0x00007fff9ac22c22 in on_cache_timeout () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
> #12 0x00007fff9ac49c22 in pj_timer_heap_poll () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
> #13 0x00007fff9ac081b9 in timer_worker_thread (data=0x0) at res_rtp_asterisk.c:1744
> #14 0x00007fff9ac3b14f in thread_main () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
> #15 0x00000037ca2079d1 in start_thread (arg=0x7fff98986700) at pthread_create.c:301
> #16 0x00000037c9ee89dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list