[asterisk-bugs] [JIRA] (ASTERISK-26484) res_pjsip_messaging: Crash when using invalid URI in MessageSend 'from' argument.
Rusty Newton (JIRA)
noreply@issues.asterisk.org
Tue Nov 1 16:03:10 CDT 2016
[ https://issues.asterisk.org/jira/browse/ASTERISK-26484?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rusty Newton updated ASTERISK-26484:
------------------------------------
Description:
Rusty's dialplan to reproduce:
{noformat}
exten = 100,1,Answer()
same = n,Set(MESSAGE(body)="Blah blah blah")
same = n,MessageSend(pjsip:BOB,"ALICE" <pjsip:ALICE@10.24.18.16>)
same = n,Hangup()
{noformat}
The second argument to MessageSend should use "sip:" and not "pjsip:".
Rusty's trace:
{noformat}
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __longjmp_chk (env=0x0, val=1) at ../setjmp/longjmp.c:32
#0 __longjmp_chk (env=0x0, val=1) at ../setjmp/longjmp.c:32
No locals.
#1 0x00007f36c8a8628e in pj_throw_exception_ () from /usr/lib/libasteriskpj.so
No symbol table info available.
#2 0x00007f36c8a1cce0 in pool_callback () from /usr/lib/libasteriskpj.so
No symbol table info available.
#3 0x00007f36c8a88dec in pj_pool_allocate_find () from /usr/lib/libasteriskpj.so
No symbol table info available.
#4 0x00007f36c8a906e5 in pj_strdup () from /usr/lib/libasteriskpj.so
No symbol table info available.
#5 0x00007f3628f34f43 in update_from (tdata=0x7f3644001d38, tdata=0x7f3644001d38, from=<optimized out>) at res_pjsip_messaging.c:245
name_addr = 0x7f3644002450
parsed_name_addr = 0x7f364401ba10
#6 msg_send (data=0x7f36a4002610) at res_pjsip_messaging.c:627
mdata = 0x7f36a4002610
body = {type = 0x7f3628f35f62 "text", subtype = 0x7f3628f35f5c "plain", body_text = 0x7f36a4000ccc "\"Blah blah blah\""}
tdata = 0x7f3644001d38
uri = 0x0
endpoint = 0x3aa8758
__PRETTY_FUNCTION__ = "msg_send"
#7 0x0000000000607c1e in ast_taskprocessor_execute (tps=0x3d11db0) at taskprocessor.c:967
local = {local_data = 0x3d11db0, data = 0x8db4b0 <current_serializer>}
t = 0x7f36a4001340
size = 6405926
__PRETTY_FUNCTION__ = "ast_taskprocessor_execute"
{noformat}
Vinod's original trace:
{noformat}
#0 0x00007f9aca8045f7 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00007f9aca805ce8 in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00007f9aca7fd566 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3 0x00007f9aca7fd612 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4 0x00007f9a8547e525 in pj_throw_exception_ () from /lib64/libpj.so.2
No symbol table info available.
#5 0x00007f9a86bb8b80 in pool_callback () from /lib64/libpjsip.so.2
No symbol table info available.
#6 0x00007f9a854814d0 in pj_pool_allocate_find () from /lib64/libpj.so.2
No symbol table info available.
#7 0x00007f9a85488fd5 in pj_strdup () from /lib64/libpj.so.2
No symbol table info available.
#8 0x00007f9a55acbf75 in update_from (tdata=0x1b47558, tdata=0x1b47558, from=<optimized out>)
at res_pjsip_messaging.c:245
name_addr = 0x1b47c80
parsed_name_addr = 0x1a59940
#9 msg_send (data=0x7f9ab00019a0) at res_pjsip_messaging.c:627
mdata = 0x7f9ab00019a0
body = {type = 0x7f9a55acd127 "text", subtype = 0x7f9a55acd12c "plain",
body_text = 0x7f9ab00016dc "Missed call at 18 Oct 2016 05:07:05 AM"}
tdata = 0x1b47558
uri = 0x0
---Type <return> to continue, or q <return> to quit---
endpoint = 0x1cf53a8
__PRETTY_FUNCTION__ = "msg_send"
{noformat}
was:
{noformat}
#0 0x00007f9aca8045f7 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00007f9aca805ce8 in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00007f9aca7fd566 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3 0x00007f9aca7fd612 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4 0x00007f9a8547e525 in pj_throw_exception_ () from /lib64/libpj.so.2
No symbol table info available.
#5 0x00007f9a86bb8b80 in pool_callback () from /lib64/libpjsip.so.2
No symbol table info available.
#6 0x00007f9a854814d0 in pj_pool_allocate_find () from /lib64/libpj.so.2
No symbol table info available.
#7 0x00007f9a85488fd5 in pj_strdup () from /lib64/libpj.so.2
No symbol table info available.
#8 0x00007f9a55acbf75 in update_from (tdata=0x1b47558, tdata=0x1b47558, from=<optimized out>)
at res_pjsip_messaging.c:245
name_addr = 0x1b47c80
parsed_name_addr = 0x1a59940
#9 msg_send (data=0x7f9ab00019a0) at res_pjsip_messaging.c:627
mdata = 0x7f9ab00019a0
body = {type = 0x7f9a55acd127 "text", subtype = 0x7f9a55acd12c "plain",
body_text = 0x7f9ab00016dc "Missed call at 18 Oct 2016 05:07:05 AM"}
tdata = 0x1b47558
uri = 0x0
---Type <return> to continue, or q <return> to quit---
endpoint = 0x1cf53a8
__PRETTY_FUNCTION__ = "msg_send"
#10 0x00000000005e9ed0 in ast_taskprocessor_execute (tps=tps@entry=0x2ee0910) at taskprocessor.c:967
local = {local_data = 0x7f9ac00024d8, data = 0x0}
t = 0x7f9ab00022d0
__PRETTY_FUNCTION__ = "ast_taskprocessor_execute"
#11 0x00000000005f0f10 in execute_tasks (data=0x2ee0910) at threadpool.c:1322
tps = 0x2ee0910
#12 0x00000000005e9ed0 in ast_taskprocessor_execute (tps=0x16ce470) at taskprocessor.c:967
local = {local_data = 0x7f9ac00024d8, data = 0x1}
t = 0x7f9ab0002300
__PRETTY_FUNCTION__ = "ast_taskprocessor_execute"
#13 0x00000000005f1b10 in threadpool_execute (pool=0x16d0380) at threadpool.c:351
No locals.
#14 worker_active (worker=0x7f9ac00024a0) at threadpool.c:1105
No locals.
#15 worker_start (arg=arg@entry=0x7f9ac00024a0) at threadpool.c:1024
worker = 0x7f9ac00024a0
saved_state = <optimized out>
__PRETTY_FUNCTION__ = "worker_start"
#16 0x00000000005fb68a in dummy_start (data=<optimized out>) at utils.c:1230
__cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {140302622926272, 6719819146149027233, 0,
140301413964224, 140301413963520, 507904, -6740349289059000927, 6719818516347018657},
__mask_was_saved = 0}}, __pad = {0x7f9a77f0cdf0, 0x0, 0x0, 0x0}}
__cancel_arg = 0x7f9a77f0d700
__not_first_call = <optimized out>
---Type <return> to continue, or q <return> to quit---
ret = <optimized out>
a = {start_routine = 0x5f1720 <worker_start>, data = 0x7f9ac00024a0,
name = 0x7f9ac00025c0 "worker_start started at [ 1079] threadpool.c worker_thread_start()"}
#17 0x00007f9acb521dc5 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#18 0x00007f9aca8c5ced in clone () from /lib64/libc.so.6
{noformat}
> res_pjsip_messaging: Crash when using invalid URI in MessageSend 'from' argument.
> ---------------------------------------------------------------------------------
>
> Key: ASTERISK-26484
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-26484
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Documentation, Resources/res_pjsip_messaging
> Affects Versions: 14.0.2, 14.1.0
> Environment: Centos 7.2
> Reporter: Vinod Dharashive
> Assignee: Rusty Newton
> Severity: Minor
> Attachments: backtrace.txt
>