[asterisk-bugs] [JIRA] (ASTERISK-26291) res_pjsip_session: segfault while creating/handling sdp for already disconnected session

Richard Mudgett (JIRA) noreply at issues.asterisk.org
Wed Aug 17 16:34:56 CDT 2016


    [ https://issues.asterisk.org/jira/browse/ASTERISK-26291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=231848#comment-231848 ] 

Richard Mudgett edited comment on ASTERISK-26291 at 8/17/16 4:34 PM:
---------------------------------------------------------------------

Copy/pasting from Gerrit:
{quote}
I used SIPp to stress test Asterisk using TLS.
The scenario:
SIPp-sender: INVITE transport:TLS -> ASTERISK
ASTERISK: INVITE transport:TLS -> SIPp-receiver
SIPp-receiver: 200 OK with sdp -> ASTERISK
ASTERISK: 200 OK with sdp -> SIPp-sender
If SIPp-sender terminates the TCP connection, then
pjproject calls on_tsx_state_changed with state PJSIP_EVENT_TRANSPORT_ERROR.
I think session_inv_on_tsx_state_changed is run on the pjsip monitor thread;
at the same time there may be a task in the queue of the session serializer.
So when the taskprocessor execs the function new_invite,
the session is already in the disconnected state.
I see a difference between PJSIP_EVENT_TRANSPORT_ERROR and PJSIP_EVENT_TIMER in
the function session_inv_on_tsx_state_changed.
{quote}



was (Author: jcolp):
Copy/pasting from Gerrit:

I used SIPp to stress test Asterisk using TLS.
The scenario:
SIPp-sender: INVITE transport:TLS -> ASTERISK
ASTERISK: INVITE transport:TLS -> SIPp-receiver
SIPp-receiver: 200 OK with sdp -> ASTERISK
ASTERISK: 200 OK with sdp -> SIPp-sender
If SIPp-sender terminates the TCP connection, then
pjproject calls on_tsx_state_changed with state PJSIP_EVENT_TRANSPORT_ERROR.
I think session_inv_on_tsx_state_changed is run on the pjsip monitor thread;
at the same time there may be a task in the queue of the session serializer.
So when the taskprocessor execs the function new_invite,
the session is already in the disconnected state.
I see a difference between PJSIP_EVENT_TRANSPORT_ERROR and PJSIP_EVENT_TIMER in
the function session_inv_on_tsx_state_changed.

> res_pjsip_session: segfault while creating/handling sdp for already disconnected session
> ----------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-26291
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26291
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip_session
>    Affects Versions: 13.10.0
>            Reporter: Alexei Gradinari
>            Assignee: Alexei Gradinari
>         Attachments: bt_20160812.txt, bt_full_208160811.txt, pjproject_log.txt
>
>
> The function create_local_sdp tries to allocate memory on an already disconnected session.
> If the session is in the disconnected state then the session memory pools were already freed, so we get a segfault.
> The function handle_incoming_sdp calls negotiate_incoming_sdp_stream on an already disconnected session.
> This segfaults in libpjmedia because of allocating memory from memory pools already freed.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
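
The ordering described in this report, replayed in a small single-threaded model (an added example, not code from Asterisk, pjproject or the Gerrit change): a task is already queued when the transport error releases the session's pool, and the task checks the session state before allocating. All names are hypothetical, and the guard is one possible mitigation assumed for illustration, not the project's fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model; every name below is hypothetical, not Asterisk or pjproject API. */
enum inv_state { INV_CONFIRMED, INV_DISCONNECTED };
struct pool { char buf[128]; size_t used; };
struct session { enum inv_state state; struct pool *pool; };
typedef int (*task_fn)(struct session *);

static void *pool_alloc(struct pool *p, size_t n) {
    if (p->used + n > sizeof(p->buf)) return NULL;
    void *mem = p->buf + p->used;
    p->used += n;
    return mem;
}

/* Transport-error path: the session is marked disconnected and its pool is
 * released while work may still be waiting in the serializer queue. */
static void on_transport_error(struct session *s) {
    s->state = INV_DISCONNECTED;
    free(s->pool);
    s->pool = NULL;
}

/* Queued task: refuse to build SDP once the session is disconnected,
 * instead of allocating from a pool that has already been freed. */
static int create_local_sdp_task(struct session *s) {
    if (s->state == INV_DISCONNECTED || s->pool == NULL) return -1;
    char *sdp = pool_alloc(s->pool, 32);
    if (sdp == NULL) return -1;
    strcpy(sdp, "v=0\r\n");
    return 0;
}

/* Replays the report's ordering: the task is queued, the transport may drop,
 * then the serializer runs. Returns how many queued tasks completed. */
int run_scenario(int drop_transport_first) {
    struct session s = { INV_CONFIRMED, calloc(1, sizeof(struct pool)) };
    task_fn queue[] = { create_local_sdp_task };   /* pending serializer work */
    int done = 0;
    if (s.pool == NULL) return -1;
    if (drop_transport_first) on_transport_error(&s);
    if (queue[0](&s) == 0) done++;
    free(s.pool);
    return done;
}

int main(void) { printf("%d %d\n", run_scenario(0), run_scenario(1)); return 0; }
```

In multi-threaded code the state check only helps if teardown and the queued task are ordered against each other, for example by running both on the same serializer or under the same lock.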
