[asterisk-bugs] [JIRA] (ASTERISK-26623) pjsip_options format_contact_status segfault

Jørgen H (JIRA) noreply at issues.asterisk.org
Fri Nov 25 03:41:10 CST 2016


Jørgen H created ASTERISK-26623:
-----------------------------------

             Summary: pjsip_options format_contact_status segfault
                 Key: ASTERISK-26623
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26623
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Resources/res_pjsip
    Affects Versions: 14.2.0
         Environment: linux x64
            Reporter: Jørgen H


Crash caused by AMI PJSIPShowEndpoint call
Race condition? Looks like status object is null when calling ast_str_append on line 1252 of res/res_pjsip/pjsip_options.c

#0  format_contact_status (obj=obj@entry=0x7f6436c41158, arg=arg@entry=0x7f6439c26060, flags=flags@entry=0) at res_pjsip/pjsip_options.c:1252
        wrapper = 0x7f6436c41158
        contact = 0x7f6436bf4528
        ami = 0x7f6439c26060
        status = 0x0
        buf = 0x7f6437de0fa0
        endpoint = 0x7f64378f7428
        __PRETTY_FUNCTION__ = "format_contact_status"
#1  0x00007f64e4a0f518 in ast_sip_for_each_contact (aor=0x7f643772d5f0, on_contact=0x7f64e49f8ab0 <format_contact_status>, arg=0x7f6439c26060) at res_pjsip/location.c:674
        contact = 0x7f6436bf4528
        wrapper = 0x7f6436c41158
        aor_id = 0x7f6434e8b4b0 "xxxxxxxx"
        contacts = 0x7f64482bba38
        i = {c = 0x7f64482bba38, last_node = 0x7f6436bae668, complete = 0, flags = 0}
        res = 0
        object = 0x7f6436bf4528
        __PRETTY_FUNCTION__ = "ast_sip_for_each_contact"
#2  0x00007f64e4a0f2e5 in ast_sip_for_each_aor (aors=<optimized out>, on_aor=0x7f64e49f7d20 <format_contact_status_for_aor>, arg=0x7f6439c26060) at res_pjsip/location.c:616
        aor = 0x7f643772d5f0
        copy = 0x0
        res = <optimized out>
        __PRETTY_FUNCTION__ = "ast_sip_for_each_aor"
#3  0x00007f64e49f2698 in ast_sip_format_endpoint_ami (endpoint=endpoint@entry=0x7f64378f7428, ami=ami@entry=0x7f6439c26060, count=count@entry=0x7f6439c26054) at res_pjsip.c:2665
        res = 0
        i = 0x7f64e4c29180 <contact_status_formatter>
        lock = 0x7f64e4c28ce0 <endpoint_formatters>
        __PRETTY_FUNCTION__ = "ast_sip_format_endpoint_ami"
#4  0x00007f64e4a0c17e in ami_show_endpoint (s=0x7f6439c263b0, m=0x7f6439c268c0) at res_pjsip/pjsip_configuration.c:1526
        ami = {s = 0x7f6439c263b0, m = 0x7f6439c268c0, action_id = 0x7f64362e3f3a "6202", arg = 0x7f64378f7428, count = 2}
        endpoint = 0x7f64378f7428
        endpoint_name = 0x7f6434d09a1a "xxxxxxxx"
        count = 3
#5  0x000000000054e011 in process_message (s=s@entry=0x7f6439c263b0, m=m@entry=0x7f6439c268c0) at manager.c:6358
        acted = 0
        ret = 0
        user = <optimized out>
        action = 0x7f64481ac708 "PJSIPShowEndpoint"
        __PRETTY_FUNCTION__ = "process_message"




--
This message was sent by Atlassian JIRA
(v6.2#6252)
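
The failure shape seen in frame #0 (a per-contact callback whose status lookup yields NULL just before text is appended to the output buffer), as an added example that is not Asterisk code and not part of the original report. `struct contact`, `struct status`, `lookup_status`, `format_contact`, `format_all` and the output field names are hypothetical stand-ins, and the sample contacts are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins; none of these are Asterisk types or functions. */
struct status { const char *state; int rtt_usec; };
struct contact { const char *uri; struct status *status; };

/* Models the status lookup: returns NULL once the status object is gone. */
static struct status *lookup_status(const struct contact *c) { return c->status; }

/* Per-contact callback: appends one record to buf. 0 on success, -1 if buf is full. */
static int format_contact(const struct contact *c, char *buf, size_t len)
{
    size_t used = strlen(buf);
    const struct status *st = lookup_status(c);
    int n;

    if (!st) {
        /* The status vanished between listing the contact and formatting it:
         * emit a placeholder record instead of dereferencing NULL. */
        n = snprintf(buf + used, len - used, "Contact: %s\r\nStatus: Unknown\r\n", c->uri);
    } else {
        n = snprintf(buf + used, len - used, "Contact: %s\r\nStatus: %s\r\nRTT: %d\r\n",
                     c->uri, st->state, st->rtt_usec);
    }
    return (n < 0 || (size_t)n >= len - used) ? -1 : 0;
}

/* Walks every contact, as the iteration in frames #1 and #2 does. */
static int format_all(const struct contact *cs, size_t count, char *buf, size_t len)
{
    if (len == 0) return -1;
    buf[0] = '\0';
    for (size_t i = 0; i < count; i++)
        if (format_contact(&cs[i], buf, len)) return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample: the second contact has already lost its status. */
    struct status ok = { "Reachable", 1500 };
    struct contact cs[] = { { "sip:a@192.0.2.10", &ok }, { "sip:b@192.0.2.11", NULL } };
    char buf[256];

    if (format_all(cs, 2, buf, sizeof buf) == 0) fputs(buf, stdout);
    return 0;
}
```

A NULL check only covers the lookup coming back empty; if the status object can also be freed by another thread, the lookup has to return a reference that is held for as long as the callback reads it.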