[asterisk-bugs] [JIRA] (ASTERISK-26713) Segfault when removing object from cache

Richard Mudgett (JIRA) noreply at issues.asterisk.org
Wed Jan 11 16:42:11 CST 2017


    [ https://issues.asterisk.org/jira/browse/ASTERISK-26713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=234580#comment-234580 ] 

Richard Mudgett commented on ASTERISK-26713:
--------------------------------------------

These segfaults you are seeing in malloc() or free() are almost certainly the result of memory corruption.  A bug causing memory corruption issues can cause a crash anywhere.

> Segfault when removing object from cache
> ----------------------------------------
>
>                 Key: ASTERISK-26713
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26713
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/Sorcery
>    Affects Versions: 14.2.1
>         Environment: Fedora 23
>            Reporter: Ross Beer
>
> Segfault occurs when removing endpoint from the cache. The interesting thing here is that the endpoint is not in real-time but in the fixed config.
> {noformat}
> #0  0x00007f2c0fec8a28 in raise () at /lib64/libc.so.6
> #1  0x00007f2c0feca62a in abort () at /lib64/libc.so.6
> #2  0x00007f2c0ff0bdea in  () at /lib64/libc.so.6
> #3  0x00007f2c0ff14936 in _int_free () at /lib64/libc.so.6
> #4  0x00007f2c0ff1778c in free () at /lib64/libc.so.6
> #5  0x00000000004dfd60 in ast_variable_destroy (doomed=0x7f2bc851fc50) at config.c:548
> #6  0x00000000004dfec6 in ast_variables_destroy (v=0x7f2bc851fce0) at config.c:604
>         vn = 0x7f2bc851fc50
> #7  0x00007f2b809a18ed in sorcery_memory_cached_object_destructor (obj=0x7f2bc836b220) at res_sorcery_memory_cache.c:433
>         cached = 0x7f2bc836b220
> #8  0x000000000045e7c6 in internal_ao2_ref (user_data=0x7f2bc836b220, delta=-1, file=0x6b8fbb "astobj2.c", line=505, func=0x6b9248 <__FUNCTION__.8761> "__ao2_ref") at astobj2.c:438
>         obj = 0x7f2bc836b208
>         obj_mutex = 0x7f2bc836b220
>         obj_rwlock = 0x7f2b5ed5e8a0
>         current_value = 0
>         ret = 1
>         __PRETTY_FUNCTION__ = "internal_ao2_ref"
> #9  0x000000000045ea77 in __ao2_ref (user_data=0x7f2bc836b220, delta=-1) at astobj2.c:505
>         __FUNCTION__ = "__ao2_ref"
> #10 0x00007f2b809a1976 in remove_from_cache (cache=0x1dd15d8, id=0x3126450 "inbound03", reschedule=1) at res_sorcery_memory_cache.c:471
>         hash_object = 0x7f2bc836b220
>         oldest_object = 0x7f2bd00175b0
>         heap_object = 0x7f2bc836b220
> #11 0x00007f2b809a2248 in sorcery_memory_cache_create (sorcery=0x1dce4d0, data=0x1dd15d8, object=0x3126668) at res_sorcery_memory_cache.c:810
>         cache = 0x1dd15d8
>         cached = 0x7f2bc863b720
>         __PRETTY_FUNCTION__ = "sorcery_memory_cache_create"
> #12 0x00000000005cb134 in sorcery_cache_create (obj=0x1dd15a0, arg=0x7f2b5ed5e9a0, flags=0) at sorcery.c:1854
>         object_wizard = 0x1dd15a0
>         details = 0x7f2b5ed5e9a0
> #13 0x00000000005cb2ed in ast_sorcery_retrieve_by_id (sorcery=0x1dce4d0, type=0x7f2b650a81d0 "endpoint", id=0x3bfc232 "<< ENDPOINT >>") at sorcery.c:1890
>         rc = 0
>         idx = 1
>         res = 0x0
>         sdetails = {sorcery = 0x1dce4d0, obj = 0x3126668}
>         object_type = 0x1dd0cf0
>         object = 0x3126668
>         i = 0
>         cached = 0
>         __PRETTY_FUNCTION__ = "ast_sorcery_retrieve_by_id"
> #14 0x00007f2b650a71cf in ip_identify (rdata=<optimized out>) at res_pjsip_endpoint_identifier_ip.c:141
>         addr = {ss = {ss_family = 2, __ss_padding = "\023\304%\235\066\312", '\000' <repeats 111 times>, __ss_align = 0}, len = 16}
>         candidates = 0x7f2bc80754f8
>         match = 0x3d32468
>         endpoint = <optimized out>
>         __PRETTY_FUNCTION__ = "ip_identify"
> #15 0x00007f2b813f7322 in ast_sip_identify_endpoint (rdata=rdata at entry=0x7f2bc81f3da8) at res_pjsip.c:2527
>         iter = 0x21d7dc0
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list