[asterisk-bugs] [JIRA] (ASTERISK-25823) SIGSEGV, Segmentation fault. - ../sysdeps/x86_64/strlen.S: No such file or directory.

Andreas Krüger (JIRA) noreply at issues.asterisk.org
Tue Mar 29 08:57:56 CDT 2016


    [ https://issues.asterisk.org/jira/browse/ASTERISK-25823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=230050#comment-230050 ] 

Andreas Krüger commented on ASTERISK-25823:
-------------------------------------------

Problem still exists. And now it has been moved to:

https://github.com/asterisk/asterisk/commit/f0799da3ac7e13638838063fe3cf0d041daea520#diff-dfef39ef55b6e289b29d9093cee50662R3917

The strlen function must validate that it actually contains a string to do strlen on.

> SIGSEGV, Segmentation fault. - ../sysdeps/x86_64/strlen.S: No such file or directory.
> -------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-25823
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25823
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip, Resources/res_pjsip_caller_id
>    Affects Versions: 13.7.2
>         Environment: Ubuntu 14.04 - Asterisk 13.7.2
>            Reporter: Andreas Krüger
>            Assignee: Andreas Krüger
>
> Asterisk is crashing with the following error, when we're trying to transfer a call. It seems it tries to call strlen which is either not available or the variable is null?
> {code}
> #0  strlen () at ../sysdeps/x86_64/strlen.S:106
> #1  0x00007fffaa40e64f in modify_id_header (pool=0x7fffec006ea0, id=id at entry=0x7fffb135fa90, id_hdr=0x7fffec007588) at res_pjsip_caller_id.c:415
> #2  0x00007fffaa40ee6a in caller_id_outgoing_request (session=0x7fffec00d3c8, tdata=0x7fffec006f48) at res_pjsip_caller_id.c:683
> #3  0x00007fffb2513e98 in handle_outgoing_request (session=0x7fffec00d3c8, tdata=0x7fffec006f48) at res_pjsip_session.c:2251
> #4  0x00007fffb25157f3 in ast_sip_session_send_request_with_cb (session=0x7fffec00d3c8, tdata=0x7fffec006f48, on_response=<optimized out>) at res_pjsip_session.c:1089
> #5  0x00007fff9d2a68d6 in call (data=0x7fffb800fe18) at chan_pjsip.c:1658
> #6  0x00000000005e936c in ast_taskprocessor_execute (tps=0x7fffec00ddd8) at taskprocessor.c:784
> #7  0x00000000005f22cb in execute_tasks (data=0x7fffec00ddd8) at threadpool.c:1320
> #8  0x00000000005e936c in ast_taskprocessor_execute (tps=0xaaaa08) at taskprocessor.c:784
> #9  0x00000000005f0412 in threadpool_execute (pool=0xaaac08) at threadpool.c:351
> #10 0x00000000005f1be6 in worker_active (worker=0x7fffe0000f28) at threadpool.c:1103
> #11 0x00000000005f19a3 in worker_start (arg=0x7fffe0000f28) at threadpool.c:1023
> #12 0x00000000005fdf6e in dummy_start (data=0x7fffe0000eb0) at utils.c:1237
> #13 0x00007ffff60580a5 in start_thread (arg=0x7fffb1360700) at pthread_create.c:309
> #14 0x00007ffff563bcfd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
> {code}
> And the full bt is here:
> {code}
> #0  strlen () at ../sysdeps/x86_64/strlen.S:106
> No locals.
> #1  0x00007fffaa40e64f in modify_id_header (pool=0x7fffec006ea0, id=id at entry=0x7fffb135fa90, id_hdr=0x7fffec007588) at res_pjsip_caller_id.c:415
>         name_buf_len = <optimized out>
>         name_buf = <optimized out>
>         id_name_addr = 0x7fffec007610
> #2  0x00007fffaa40ee6a in caller_id_outgoing_request (session=0x7fffec00d3c8, tdata=0x7fffec006f48) at res_pjsip_caller_id.c:683
>         from = 0x7fffec007588
>         dlg = 0x7fffec00e3c8
>         effective_id = {name = {str = 0x0, char_set = 1, presentation = 0, valid = 1 '\001'}, number = {str = 0x7fffb8024f70 "22343661", plan = 0, presentation = 0, valid = 1 '\001'}, subaddress = {str = 0x0,
>             type = 0, odd_even_indicator = 0 '\000', valid = 0 '\000'}, tag = 0x0}
>         connected_id = {name = {str = 0x0, char_set = 1, presentation = 0, valid = 1 '\001'}, number = {str = 0x7fffec0205a0 "22343661", plan = 0, presentation = 0, valid = 1 '\001'}, subaddress = {str = 0x0,
>             type = 0, odd_even_indicator = 0 '\000', valid = 0 '\000'}, tag = 0x0}
>         tdata = 0x7fffec006f48
>         session = 0x7fffec00d3c8
> #3  0x00007fffb2513e98 in handle_outgoing_request (session=0x7fffec00d3c8, tdata=0x7fffec006f48) at res_pjsip_session.c:2251
>         supplement = 0x7fffec00e270
>         req = {method = {id = PJSIP_INVITE_METHOD, name = {ptr = 0x7fffb3bb819b "INVITE", slen = 6}}, uri = 0x7fffec007480}
>         __PRETTY_FUNCTION__ = "handle_outgoing_request"
> #4  0x00007fffb25157f3 in ast_sip_session_send_request_with_cb (session=0x7fffec00d3c8, tdata=0x7fffec006f48, on_response=<optimized out>) at res_pjsip_session.c:1089
>         on_response = <optimized out>
>         tdata = 0x7fffec006f48
>         session = 0x7fffec00d3c8
>         inv_session = <optimized out>
> #5  0x00007fff9d2a68d6 in call (data=0x7fffb800fe18) at chan_pjsip.c:1658
>         channel = 0x7fffb800fe18
>         session = 0x7fffec00d3c8
>         pvt = <optimized out>
>         tdata = 0x7fffec006f48
>         res = 0
> #6  0x00000000005e936c in ast_taskprocessor_execute (tps=0x7fffec00ddd8) at taskprocessor.c:784
>         local = {local_data = 0x0, data = 0x5fc633 <ast_threadstorage_set_ptr+60>}
>         t = 0x7fffb80015f0
>         size = 1
>         __PRETTY_FUNCTION__ = "ast_taskprocessor_execute"
> #7  0x00000000005f22cb in execute_tasks (data=0x7fffec00ddd8) at threadpool.c:1320
>         tps = 0x7fffec00ddd8
> #8  0x00000000005e936c in ast_taskprocessor_execute (tps=0xaaaa08) at taskprocessor.c:784
>         local = {local_data = 0x0, data = 0xaaabe8}
>         t = 0x7fffb8024f00
>         size = 11185160
>         __PRETTY_FUNCTION__ = "ast_taskprocessor_execute"
> #9  0x00000000005f0412 in threadpool_execute (pool=0xaaac08) at threadpool.c:351
>         __PRETTY_FUNCTION__ = "threadpool_execute"
> #10 0x00000000005f1be6 in worker_active (worker=0x7fffe0000f28) at threadpool.c:1103
>         alive = 0
> #11 0x00000000005f19a3 in worker_start (arg=0x7fffe0000f28) at threadpool.c:1023
>         worker = 0x7fffe0000f28
>         __PRETTY_FUNCTION__ = "worker_start"
> #12 0x00000000005fdf6e in dummy_start (data=0x7fffe0000eb0) at utils.c:1237
>         __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {140736166496000, -2886013801213841322, 1, 0, 140736166496704, 140736166496000, -2886013801239007146, 2886160201149067350}, __mask_was_saved = 0}},
>           __pad = {0x7fffb135fef0, 0x0, 0x0, 0x0}}
>         __cancel_routine = 0x451320 <ast_unregister_thread>
>         __cancel_arg = 0x7fffb1360700
>         __not_first_call = 0
>         ret = 0x0
>         a = {start_routine = 0x5f191c <worker_start>, data = 0x7fffe0000f28, name = 0x7fffe00008f0 "worker_start         started at [ 1077] threadpool.c worker_thread_start()"}
> #13 0x00007ffff60580a5 in start_thread (arg=0x7fffb1360700) at pthread_create.c:309
>         __res = <optimized out>
>         pd = 0x7fffb1360700
>         now = <optimized out>
>         unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140736166496000, 2886160671884849238, 1, 0, 140736166496704, 140736166496000, -2886013801215938474, -2886139004426899370}, mask_was_saved = 0}}, priv = {pad = {
>               0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>         not_first_call = <optimized out>
>         pagesize_m1 = <optimized out>
>         sp = <optimized out>
>         freesize = <optimized out>
>         __PRETTY_FUNCTION__ = "start_thread"
> #14 0x00007ffff563bcfd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
> {code}
> It seems it was triggered if we did not set the name on the channel. When we configured the name property on the channel, everything worked. So I guess, according to Asterisk, the problem is in the file {code}res_pjsip_caller_id.c{code} at line 415. The validation check {code}if (id->name.valid) {{code} is true, but {code}id->name.str{code} is 0x0 when the name is not set. This causes strlen to fail in the line {code}int name_buf_len = strlen(id->name.str) * 2 + 1;{code}
> The following code was bogus:
> {code}
> // OutboundCallerID is fetched from mysql through ODBC, example: 22556644
> if ("${OutboundCallerID}" != "") {
>     Set(CALLERID(num)=${OutboundCallerID});
> }
>         
> Dial(PJSIP/${number}@${TrunkName},${DIALTIMEOUT},${DIALOPTIONS}U(onConnect,${CallInfoId}));
> {code}
> And the following works:
> {code}
> // OutboundCallerID is fetched from mysql through ODBC, example: 22556644
> if ("${OutboundCallerID}" != "") {
>     Set(CALLERID(num)=${OutboundCallerID});
>     Set(CALLERID(name)=${OutboundCallerID});
> }
>         
> Dial(PJSIP/${number}@${TrunkName},${DIALTIMEOUT},${DIALOPTIONS}U(onConnect,${CallInfoId}));
> {code}
> Regarding the "pjsip set logger on" - it never reaches this. No SIP packages are set, so this is just empty.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
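Added example, not Asterisk's own code: a guarded version of the display-name step the backtrace points at (strlen on a name whose `valid` flag is set while `str` is still NULL). The `party_name` struct, `name_is_empty` and `build_display_name` are assumed stand-ins for illustration; the sizing `strlen(str) * 2 + 1` is the one quoted in the report.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in (assumed, not Asterisk's definition) for the party-name fields
 * seen in the backtrace: `valid` can be set while `str` is still NULL
 * because no caller-ID name was ever configured on the channel. */
struct party_name {
    char *str;
    bool valid;
};

/* True when the pointer is NULL or points at "". This is the check the
 * crashing line lacked: it only tested `valid`, never `str`. */
static bool name_is_empty(const char *s)
{
    return s == NULL || *s == '\0';
}

/* Escape '"' and '\\' for a quoted SIP display-name. Worst case every
 * byte is escaped, so strlen(in) * 2 + 1 bytes always suffice. */
static void escape_quoted(const char *in, char *out, size_t out_len)
{
    size_t o = 0;
    for (; *in && o + 2 < out_len; in++) {
        if (*in == '"' || *in == '\\')
            out[o++] = '\\';
        out[o++] = *in;
    }
    out[o] = '\0';
}

/* Hardened form of the display-name step: returns a heap copy of the
 * escaped name, or NULL when there is no name to add. The unguarded form
 * computed strlen(id->name.str) whenever `valid` was true, which
 * dereferences NULL for a channel with no name set. Caller frees. */
char *build_display_name(const struct party_name *name)
{
    if (!name->valid || name_is_empty(name->str))
        return NULL;                 /* nothing to escape, no strlen call */

    size_t buf_len = strlen(name->str) * 2 + 1;
    char *buf = malloc(buf_len);
    if (!buf)
        return NULL;
    escape_quoted(name->str, buf, buf_len);
    return buf;
}
```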