[asterisk-bugs] [JIRA] (ASTERISK-27481) Asterisk crashes when receiving REFER message on PJSIP channel

Joshua Colp (JIRA) noreply at issues.asterisk.org
Fri Dec 22 07:25:41 CST 2017


     [ https://issues.asterisk.org/jira/browse/ASTERISK-27481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua Colp updated ASTERISK-27481:
-----------------------------------

    Component/s: Resources/res_pjsip_refer

> Asterisk crashes when receiving REFER message on PJSIP channel
> --------------------------------------------------------------
>
>                 Key: ASTERISK-27481
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27481
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: pjproject/pjsip, Resources/res_pjsip_refer
>    Affects Versions: 15.1.2
>            Reporter: Mika Aalto
>              Labels: pjsip
>         Attachments: core.2883-brief.txt, core.2883-full.txt, core.2883-locks.txt, core.2883-thread1.txt, full, messages
>
>
> Asterisk crashes in pj_stricmp function.
> Program terminated with signal 11, Segmentation fault.
> #0  0x00007fae84a54307 in pj_stricmp (str1=0x10, str2=0x7fae00039cd8) at ../include/pj/string_i.h:216
> 216	    if (str1->slen == 0) {
> Stacktrace:
> Thread 1 (Thread 0x7f2fa014a700 (LWP 2914)):
> #0  0x00007f300bf3a305 in pj_stricmp (str1=0x10, str2=0x7f2fec001138) at ../include/pj/string_i.h:216
> #1  0x00007f300be7889e in find_pkg (event_name=0x7f2fec001138) at ../src/pjsip-simple/evsub.c:392
> #2  0x00007f300be79325 in evsub_create (dlg=0x7f2f882c85b8, role=PJSIP_ROLE_UAS, user_cb=0x7f300c1866e0 <xfer_user>, event=0x7f2fec001138, option=1, p_evsub=0x7f2fa01493a0) at ../src/pjsip-simple/evsub.c:766
> #3  0x00007f300be79918 in pjsip_evsub_create_uas (dlg=0x7f2f882c85b8, user_cb=0x7f300c1866e0 <xfer_user>, rdata=0x7f2fec00ee78, option=1, p_evsub=0x7f2fa0149420) at ../src/pjsip-simple/evsub.c:960
> #4  0x00007f300be73f98 in pjsip_xfer_create_uas (dlg=0x7f2f882c85b8, user_cb=0x7f2f68cd23c0 <refer_progress_evsub_cb>, rdata=0x7f2fec00ee78, p_evsub=0x7f2f882dc438) at ../src/pjsip-ua/sip_xfer.c:256
> #5  0x00007f2f68accaa6 in refer_progress_alloc (session=0x7f2f88032158, rdata=0x7f2fec00ee78, progress=0x7f2fa0149600) at res_pjsip_refer.c:393
> #6  0x00007f2f68acf30f in refer_incoming_refer_request (session=0x7f2f88032158, rdata=0x7f2fec00ee78) at res_pjsip_refer.c:1090
> #7  0x00007f2f68acf716 in refer_incoming_request (session=0x7f2f88032158, rdata=0x7f2fec00ee78) at res_pjsip_refer.c:1140
> #8  0x00007f2fa3df831a in handle_incoming_request (session=0x7f2f88032158, rdata=0x7f2fec00ee78) at res_pjsip_session.c:3157
> #9  0x00007f2fa3df857b in handle_incoming (session=0x7f2f88032158, rdata=0x7f2fec00ee78, response_priority=AST_SIP_SESSION_AFTER_MEDIA) at res_pjsip_session.c:3190
> #10 0x00007f2fa3df9098 in session_inv_on_tsx_state_changed (inv=0x7f2f882ca648, tsx=0x7f2f882d8638, e=0x7f2fa01498c0) at res_pjsip_session.c:3478
> #11 0x00007f300be686f7 in mod_inv_on_tsx_state (tsx=0x7f2f882d8638, e=0x7f2fa01498c0) at ../src/pjsip-ua/sip_inv.c:739
> #12 0x00007f300beb2a11 in pjsip_dlg_on_tsx_state (dlg=0x7f2f882c85b8, tsx=0x7f2f882d8638, e=0x7f2fa01498c0) at ../src/pjsip/sip_dialog.c:2064
> #13 0x00007f300beb327f in mod_ua_on_tsx_state (tsx=0x7f2f882d8638, e=0x7f2fa01498c0) at ../src/pjsip/sip_ua_layer.c:178
> #14 0x00007f300beab592 in tsx_set_state (tsx=0x7f2f882d8638, state=PJSIP_TSX_STATE_TRYING, event_src_type=PJSIP_EVENT_RX_MSG, event_src=0x7f2fec00ee78, flag=0) at ../src/pjsip/sip_transaction.c:1267
> #15 0x00007f300bead50d in tsx_on_state_null (tsx=0x7f2f882d8638, event=0x7f2fa0149970) at ../src/pjsip/sip_transaction.c:2410
> #16 0x00007f300beac4e8 in pjsip_tsx_recv_msg (tsx=0x7f2f882d8638, rdata=0x7f2fec00ee78) at ../src/pjsip/sip_transaction.c:1827
> #17 0x00007f300beb2164 in pjsip_dlg_on_rx_request (dlg=0x7f2f882c85b8, rdata=0x7f2fec00ee78) at ../src/pjsip/sip_dialog.c:1711
> #18 0x00007f300beb3d62 in mod_ua_on_rx_request (rdata=0x7f2fec00ee78) at ../src/pjsip/sip_ua_layer.c:704
> #19 0x00007f300be919d1 in pjsip_endpt_process_rx_data (endpt=0x23b15f8, rdata=0x7f2fec00ee78, p=0x7f2fa3be01e0 <param.23503>, p_handled=0x7f2fa0149b74) at ../src/pjsip/sip_endpoint.c:887
> #20 0x00007f2fa39b331f in distribute (data=0x7f2fec00ee78) at res_pjsip/pjsip_distributor.c:903
> #21 0x0000000000606bf9 in ast_taskprocessor_execute (tps=0x7f2f882ca288) at taskprocessor.c:963
> #22 0x000000000060fe03 in execute_tasks (data=0x7f2f882ca288) at threadpool.c:1322
> #23 0x0000000000606bf9 in ast_taskprocessor_execute (tps=0x23ab918) at taskprocessor.c:963
> #24 0x000000000060dd03 in threadpool_execute (pool=0x23ae288) at threadpool.c:351
> #25 0x000000000060f6f1 in worker_active (worker=0x7f2f90000948) at threadpool.c:1105
> #26 0x000000000060f491 in worker_start (arg=0x7f2f90000948) at threadpool.c:1024
> #27 0x000000000061b9b1 in dummy_start (data=0x7f2f90000a60) at utils.c:1257
> #28 0x00007f300a090e25 in start_thread () from /lib64/libpthread.so.0
> #29 0x00007f300937034d in clone () from /lib64/libc.so.6



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list