[asterisk-bugs] [JIRA] (ASTERISK-25823) SIGSEGV, Segmentation fault. - ../sysdeps/x86_64/strlen.S: No such file or directory.

Kevin Harwell (JIRA) noreply at issues.asterisk.org
Wed Apr 26 13:54:58 CDT 2017


    [ https://issues.asterisk.org/jira/browse/ASTERISK-25823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=236720#comment-236720 ] 

Kevin Harwell commented on ASTERISK-25823:
------------------------------------------

I take back some of the previous comment. There does appear to be other checks against caller id being NULL strewn throughout the code even when marked valid. So doing the same in this instance would not be unprecedented. That is also the quick and easy fix. It'd be nice to know the root cause of how it came to be in that state, but that may not be possible.

So barring that and/or more details I'll put a NULL check in. Which no matter the root cause is probably the right fix anyway given that via dialplan one can specify the caller id name to be valid when it is not.

> SIGSEGV, Segmentation fault. - ../sysdeps/x86_64/strlen.S: No such file or directory.
> -------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-25823
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25823
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip, Resources/res_pjsip_caller_id
>    Affects Versions: 13.7.2
>         Environment: Ubuntu 14.04 - Asterisk 13.7.2
>            Reporter: Andreas Krüger
>            Assignee: Kevin Harwell
>
> Asterisk is crashing with the following error when we're trying to transfer a call. It seems it tries to call strlen, which is either not available, or the variable is null?
> {code}
> #0  strlen () at ../sysdeps/x86_64/strlen.S:106
> #1  0x00007fffaa40e64f in modify_id_header (pool=0x7fffec006ea0, id=id at entry=0x7fffb135fa90, id_hdr=0x7fffec007588) at res_pjsip_caller_id.c:415
> #2  0x00007fffaa40ee6a in caller_id_outgoing_request (session=0x7fffec00d3c8, tdata=0x7fffec006f48) at res_pjsip_caller_id.c:683
> #3  0x00007fffb2513e98 in handle_outgoing_request (session=0x7fffec00d3c8, tdata=0x7fffec006f48) at res_pjsip_session.c:2251
> #4  0x00007fffb25157f3 in ast_sip_session_send_request_with_cb (session=0x7fffec00d3c8, tdata=0x7fffec006f48, on_response=<optimized out>) at res_pjsip_session.c:1089
> #5  0x00007fff9d2a68d6 in call (data=0x7fffb800fe18) at chan_pjsip.c:1658
> #6  0x00000000005e936c in ast_taskprocessor_execute (tps=0x7fffec00ddd8) at taskprocessor.c:784
> #7  0x00000000005f22cb in execute_tasks (data=0x7fffec00ddd8) at threadpool.c:1320
> #8  0x00000000005e936c in ast_taskprocessor_execute (tps=0xaaaa08) at taskprocessor.c:784
> #9  0x00000000005f0412 in threadpool_execute (pool=0xaaac08) at threadpool.c:351
> #10 0x00000000005f1be6 in worker_active (worker=0x7fffe0000f28) at threadpool.c:1103
> #11 0x00000000005f19a3 in worker_start (arg=0x7fffe0000f28) at threadpool.c:1023
> #12 0x00000000005fdf6e in dummy_start (data=0x7fffe0000eb0) at utils.c:1237
> #13 0x00007ffff60580a5 in start_thread (arg=0x7fffb1360700) at pthread_create.c:309
> #14 0x00007ffff563bcfd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
> {code}
> And the full bt is here:
> {code}
> #0  strlen () at ../sysdeps/x86_64/strlen.S:106
> No locals.
> #1  0x00007fffaa40e64f in modify_id_header (pool=0x7fffec006ea0, id=id at entry=0x7fffb135fa90, id_hdr=0x7fffec007588) at res_pjsip_caller_id.c:415
>         name_buf_len = <optimized out>
>         name_buf = <optimized out>
>         id_name_addr = 0x7fffec007610
> #2  0x00007fffaa40ee6a in caller_id_outgoing_request (session=0x7fffec00d3c8, tdata=0x7fffec006f48) at res_pjsip_caller_id.c:683
>         from = 0x7fffec007588
>         dlg = 0x7fffec00e3c8
>         effective_id = {name = {str = 0x0, char_set = 1, presentation = 0, valid = 1 '\001'}, number = {str = 0x7fffb8024f70 "22343661", plan = 0, presentation = 0, valid = 1 '\001'}, subaddress = {str = 0x0,
>             type = 0, odd_even_indicator = 0 '\000', valid = 0 '\000'}, tag = 0x0}
>         connected_id = {name = {str = 0x0, char_set = 1, presentation = 0, valid = 1 '\001'}, number = {str = 0x7fffec0205a0 "22343661", plan = 0, presentation = 0, valid = 1 '\001'}, subaddress = {str = 0x0,
>             type = 0, odd_even_indicator = 0 '\000', valid = 0 '\000'}, tag = 0x0}
>         tdata = 0x7fffec006f48
>         session = 0x7fffec00d3c8
> #3  0x00007fffb2513e98 in handle_outgoing_request (session=0x7fffec00d3c8, tdata=0x7fffec006f48) at res_pjsip_session.c:2251
>         supplement = 0x7fffec00e270
>         req = {method = {id = PJSIP_INVITE_METHOD, name = {ptr = 0x7fffb3bb819b "INVITE", slen = 6}}, uri = 0x7fffec007480}
>         __PRETTY_FUNCTION__ = "handle_outgoing_request"
> #4  0x00007fffb25157f3 in ast_sip_session_send_request_with_cb (session=0x7fffec00d3c8, tdata=0x7fffec006f48, on_response=<optimized out>) at res_pjsip_session.c:1089
>         on_response = <optimized out>
>         tdata = 0x7fffec006f48
>         session = 0x7fffec00d3c8
>         inv_session = <optimized out>
> #5  0x00007fff9d2a68d6 in call (data=0x7fffb800fe18) at chan_pjsip.c:1658
>         channel = 0x7fffb800fe18
>         session = 0x7fffec00d3c8
>         pvt = <optimized out>
>         tdata = 0x7fffec006f48
>         res = 0
> #6  0x00000000005e936c in ast_taskprocessor_execute (tps=0x7fffec00ddd8) at taskprocessor.c:784
>         local = {local_data = 0x0, data = 0x5fc633 <ast_threadstorage_set_ptr+60>}
>         t = 0x7fffb80015f0
>         size = 1
>         __PRETTY_FUNCTION__ = "ast_taskprocessor_execute"
> #7  0x00000000005f22cb in execute_tasks (data=0x7fffec00ddd8) at threadpool.c:1320
>         tps = 0x7fffec00ddd8
> #8  0x00000000005e936c in ast_taskprocessor_execute (tps=0xaaaa08) at taskprocessor.c:784
>         local = {local_data = 0x0, data = 0xaaabe8}
>         t = 0x7fffb8024f00
>         size = 11185160
>         __PRETTY_FUNCTION__ = "ast_taskprocessor_execute"
> #9  0x00000000005f0412 in threadpool_execute (pool=0xaaac08) at threadpool.c:351
>         __PRETTY_FUNCTION__ = "threadpool_execute"
> #10 0x00000000005f1be6 in worker_active (worker=0x7fffe0000f28) at threadpool.c:1103
>         alive = 0
> #11 0x00000000005f19a3 in worker_start (arg=0x7fffe0000f28) at threadpool.c:1023
>         worker = 0x7fffe0000f28
>         __PRETTY_FUNCTION__ = "worker_start"
> #12 0x00000000005fdf6e in dummy_start (data=0x7fffe0000eb0) at utils.c:1237
>         __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {140736166496000, -2886013801213841322, 1, 0, 140736166496704, 140736166496000, -2886013801239007146, 2886160201149067350}, __mask_was_saved = 0}},
>           __pad = {0x7fffb135fef0, 0x0, 0x0, 0x0}}
>         __cancel_routine = 0x451320 <ast_unregister_thread>
>         __cancel_arg = 0x7fffb1360700
>         __not_first_call = 0
>         ret = 0x0
>         a = {start_routine = 0x5f191c <worker_start>, data = 0x7fffe0000f28, name = 0x7fffe00008f0 "worker_start         started at [ 1077] threadpool.c worker_thread_start()"}
> #13 0x00007ffff60580a5 in start_thread (arg=0x7fffb1360700) at pthread_create.c:309
>         __res = <optimized out>
>         pd = 0x7fffb1360700
>         now = <optimized out>
>         unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140736166496000, 2886160671884849238, 1, 0, 140736166496704, 140736166496000, -2886013801215938474, -2886139004426899370}, mask_was_saved = 0}}, priv = {pad = {
>               0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>         not_first_call = <optimized out>
>         pagesize_m1 = <optimized out>
>         sp = <optimized out>
>         freesize = <optimized out>
>         __PRETTY_FUNCTION__ = "start_thread"
> #14 0x00007ffff563bcfd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
> {code}
> It seems it was triggered if we did not set the name on the channel. When we configured the name property on the channel, everything worked. So I guess, according to Asterisk, the problem is in the file {code}res_pjsip_caller_id.c{code} at line 415. The validation check {code}if (id->name.valid) {{code} is true, but {code}id->name.str{code} is 0x0 when the name is not set. This causes strlen to fail in the line {code}int name_buf_len = strlen(id->name.str) * 2 + 1;{code}
> The following code was bogus:
> {code}
> // OutboundCallerID is fetched from MySQL through ODBC, example: 22556644
> if ("${OutboundCallerID}" != "") {
>     Set(CALLERID(num)=${OutboundCallerID});
> }
>         
> Dial(PJSIP/${number}@${TrunkName},${DIALTIMEOUT},${DIALOPTIONS}U(onConnect,${CallInfoId}));
> {code}
> And the following works:
> {code}
> // OutboundCallerID is fetched from MySQL through ODBC, example: 22556644
> if ("${OutboundCallerID}" != "") {
>     Set(CALLERID(num)=${OutboundCallerID});
>     Set(CALLERID(name)=${OutboundCallerID});
> }
>         
> Dial(PJSIP/${number}@${TrunkName},${DIALTIMEOUT},${DIALOPTIONS}U(onConnect,${CallInfoId}));
> {code}
> Regarding "pjsip set logger on": it never reaches this. No SIP packets are sent, so this is just empty.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
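The failure mode the report describes and the NULL check Kevin proposes, as an added example that is not part of the ticket or of Asterisk's source. It assumes a simplified stand-in for the party-name struct (only the str and valid fields; the real struct has more), a hypothetical minimal escaper for the quoted display name in place of the project's own helper, and that the "strlen * 2 + 1" sizing at res_pjsip_caller_id.c:415 exists to leave room for backslash-escaping every character plus the terminating NUL. The unchecked function keeps the crashing behaviour for comparison; the checked one treats a set valid flag with a NULL (or empty) str as "no name", which is also what a dialplan that sets CALLERID(num) but not CALLERID(name) produces.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for Asterisk's struct ast_party_name (assumption: the
 * real struct also carries char_set and presentation; omitted here). */
struct party_name {
    const char *str;      /* display name; can be NULL even when valid is set */
    unsigned char valid;  /* "this field has been populated" flag */
};

/* Mirrors the sizing at res_pjsip_caller_id.c:415: every character may need
 * a backslash escape inside the quoted display-name, plus the NUL. */
static size_t quoted_name_buf_len(const char *name)
{
    return strlen(name) * 2 + 1;
}

/* Hypothetical minimal escaper (not the project's helper): backslash-escapes
 * '"' and '\' for use inside a quoted SIP display-name.
 * Returns 0 on success, -1 if dst is too small. */
static int escape_quoted(const char *src, char *dst, size_t dst_len)
{
    size_t o = 0;
    for (const char *p = src; *p; p++) {
        if (*p == '"' || *p == '\\') {
            if (o + 1 >= dst_len) return -1;
            dst[o++] = '\\';
        }
        if (o + 1 >= dst_len) return -1;
        dst[o++] = *p;
    }
    dst[o] = '\0';
    return 0;
}

/* Crashing form from the report: the valid flag is trusted, so a NULL str
 * reaches strlen(). Kept only for comparison; never call it with str == NULL.
 * Returns a heap buffer with the escaped name, or NULL when there is no name. */
static char *display_name_unchecked(const struct party_name *name)
{
    if (!name->valid) return NULL;
    size_t len = quoted_name_buf_len(name->str);   /* strlen(NULL) -> SIGSEGV */
    char *buf = malloc(len);
    if (!buf || escape_quoted(name->str, buf, len) != 0) { free(buf); return NULL; }
    return buf;
}

/* Hardened form: a populated flag with no string is treated as "no name"
 * instead of being dereferenced, matching the NULL checks already present
 * elsewhere in the code base per Kevin's comment. */
static char *display_name_checked(const struct party_name *name)
{
    if (!name->valid || name->str == NULL || name->str[0] == '\0') return NULL;
    size_t len = quoted_name_buf_len(name->str);
    char *buf = malloc(len);
    if (!buf || escape_quoted(name->str, buf, len) != 0) { free(buf); return NULL; }
    return buf;
}

int main(void)
{
    /* Constructed inputs: what the backtrace shows (valid=1, str=NULL) and a
     * name containing characters that need escaping. */
    struct party_name from_backtrace = { NULL, 1 };
    struct party_name with_quotes = { "Bob \"Ops\" O'Brien", 1 };

    char *r = display_name_checked(&from_backtrace);
    printf("valid=1, str=NULL -> %s\n", r ? r : "(no name, header left without display-name)");
    free(r);

    r = display_name_checked(&with_quotes);
    printf("escaped display-name: \"%s\"\n", r ? r : "(none)");
    free(r);
    return 0;
}
```

The standalone program only exercises the checked path; swapping in display_name_unchecked for the first call reproduces the segfault from the report (strlen(NULL) is the same frame #0 as in the backtrace).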