[asterisk-bugs] [JIRA] (ASTERISK-26291) res_pjsip_session: segfault while creating/handling sdp for already disconnected session

Alexei Gradinari (JIRA) noreply at issues.asterisk.org
Fri Aug 12 15:27:56 CDT 2016


     [ https://issues.asterisk.org/jira/browse/ASTERISK-26291?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alexei Gradinari updated ASTERISK-26291:
----------------------------------------

    Description: 
The function create_local_sdp tries to allocate memory on already disconnected session.
If session in disconnected state then session memory pools were already freed, so we get segfault.

The function handle_incoming_sdp calls negotiate_incoming_sdp_stream on already disconnected session.
segfault in libpjmedia because of allocating memory from memory pools already freed.


  was:
The function create_local_sdp tries to allocate memory on already disconnected session.
If session in disconnected state then session memory pools were already freed, so we get segfault.




> res_pjsip_session: segfault while creating/handling sdp for already disconnected session
> ----------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-26291
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26291
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip_session
>    Affects Versions: 13.10.0
>            Reporter: Alexei Gradinari
>         Attachments: bt_20160812.txt, bt_full_208160811.txt, pjproject_log.txt
>
>
> The function create_local_sdp tries to allocate memory on already disconnected session.
> If session in disconnected state then session memory pools were already freed, so we get segfault.
> The function handle_incoming_sdp calls negotiate_incoming_sdp_stream on already disconnected session.
> segfault in libpjmedia because of allocating memory from memory pools already freed.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list