[asterisk-bugs] [JIRA] (ASTERISK-25939) Program terminated with SEGV triggered by PJSIP_BYE_METHOD handler

Joshua Colp (JIRA) noreply at issues.asterisk.org
Tue Apr 19 10:48:56 CDT 2016 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-25939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua Colp updated ASTERISK-25939:
-----------------------------------

    Assignee: Claudiu Olteanu  (was: Unassigned)
      Status: Waiting for Feedback  (was: Triage)

> Program terminated with SEGV triggered by PJSIP_BYE_METHOD handler
> ------------------------------------------------------------------
>
>                 Key: ASTERISK-25939
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25939
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_pjsip, Resources/res_pjsip_rfc3326, Resources/res_pjsip_session
>    Affects Versions: 13.6.0
>         Environment: RedHat 7.2, Kernel version 3.10.0-229.14.1.el7.x86_64
>            Reporter: Claudiu Olteanu
>            Assignee: Claudiu Olteanu
>              Labels: crash
>         Attachments: backtrace.txt, full.txt
>
>
> I believe that there is a race condition between rfc3326_add_reason_header method and chan_pjsip handler.
> A crash occurs when it tries to get the hangup cause:
> {code}
> #0  ast_channel_hangupcause (chan=0x0) at channel_internal_api.c:619
> 619		return chan->hangupcause;
> #0  ast_channel_hangupcause (chan=0x0) at channel_internal_api.c:619
> No locals.
> #1  0x00007fe7af85df18 in rfc3326_add_reason_header (session=0x7fe6145fbf48, tdata=0x7fe7d800ed58) at res_pjsip_rfc3326.c:97
>         buf = "Q.850;cause=16\000\000\060\246\370\001"
> #2  rfc3326_outgoing_request (session=0x7fe6145fbf48, tdata=0x7fe7d800ed58) at res_pjsip_rfc3326.c:110
> No locals.
> #3  0x00007fe80992f488 in handle_outgoing_request (session=0x7fe6145fbf48, tdata=0x7fe7d800ed58) at res_pjsip_session.c:2251
>         supplement = 0x7fe614616db0
>         req = {method = {id = PJSIP_BYE_METHOD, name = {ptr = 0x7fe808d6f762 "BYE", slen = 3}}, uri = 0x7fe7d800f2c0}
>         __PRETTY_FUNCTION__ = "handle_outgoing_request"
> #4  0x00007fe80993144d in handle_outgoing (tdata=<optimized out>, session=0x7fe6145fbf48) at res_pjsip_session.c:2277
> No locals.
> #5  session_inv_on_tsx_state_changed (inv=<optimized out>, tsx=0x7fe7f807c378, e=0x7fe801f8a790) at res_pjsip_session.c:2395
>         cb = <optimized out>
>         session = 0x7fe6145fbf48
>         tdata = 0x7fe801f8a6a0
>         __PRETTY_FUNCTION__ = "session_inv_on_tsx_state_changed"
> #6  0x00007fe8091a346d in mod_inv_on_tsx_state () from /lib64/libpjsip-ua.so.2
> {code}
> Logs and backtrace attached.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list