[asterisk-bugs] [JIRA] (ASTERISK-25939) Program terminated with SEGV triggered by PJSIP_BYE_METHOD handler

Claudiu Olteanu (JIRA) noreply at issues.asterisk.org
Tue Apr 19 10:35:56 CDT 2016 

Claudiu Olteanu created ASTERISK-25939:
------------------------------------------

             Summary: Program terminated with SEGV triggered by PJSIP_BYE_METHOD handler
                 Key: ASTERISK-25939
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25939
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Channels/chan_pjsip, Resources/res_pjsip_rfc3326, Resources/res_pjsip_session
    Affects Versions: 13.6.0
         Environment: RedHat 7.2, Kernel version 3.10.0-229.14.1.el7.x86_64
            Reporter: Claudiu Olteanu


I believe that there is a race condition between rfc3326_add_reason_header method and chan_pjsip handler.

A crash occurs when it tries to get the hangup cause:
{code}
#0  ast_channel_hangupcause (chan=0x0) at channel_internal_api.c:619
619		return chan->hangupcause;
#0  ast_channel_hangupcause (chan=0x0) at channel_internal_api.c:619
No locals.
#1  0x00007fe7af85df18 in rfc3326_add_reason_header (session=0x7fe6145fbf48, tdata=0x7fe7d800ed58) at res_pjsip_rfc3326.c:97
        buf = "Q.850;cause=16\000\000\060\246\370\001"
#2  rfc3326_outgoing_request (session=0x7fe6145fbf48, tdata=0x7fe7d800ed58) at res_pjsip_rfc3326.c:110
No locals.
#3  0x00007fe80992f488 in handle_outgoing_request (session=0x7fe6145fbf48, tdata=0x7fe7d800ed58) at res_pjsip_session.c:2251
        supplement = 0x7fe614616db0
        req = {method = {id = PJSIP_BYE_METHOD, name = {ptr = 0x7fe808d6f762 "BYE", slen = 3}}, uri = 0x7fe7d800f2c0}
        __PRETTY_FUNCTION__ = "handle_outgoing_request"
#4  0x00007fe80993144d in handle_outgoing (tdata=<optimized out>, session=0x7fe6145fbf48) at res_pjsip_session.c:2277
No locals.
#5  session_inv_on_tsx_state_changed (inv=<optimized out>, tsx=0x7fe7f807c378, e=0x7fe801f8a790) at res_pjsip_session.c:2395
        cb = <optimized out>
        session = 0x7fe6145fbf48
        tdata = 0x7fe801f8a6a0
        __PRETTY_FUNCTION__ = "session_inv_on_tsx_state_changed"
#6  0x00007fe8091a346d in mod_inv_on_tsx_state () from /lib64/libpjsip-ua.so.2
{code}

Logs and backtrace attached.




--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list