[asterisk-bugs] [JIRA] (ASTERISK-27099) Segfault in pjsip_message_ip_updater

Ross Beer (JIRA) noreply at issues.asterisk.org
Wed Jul 5 04:26:57 CDT 2017


    [ https://issues.asterisk.org/jira/browse/ASTERISK-27099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=237632#comment-237632 ] 

Ross Beer edited comment on ASTERISK-27099 at 7/5/17 4:25 AM:
--------------------------------------------------------------

I have just uploaded another backtrace for this issue. One thing that has confused me is the following line:

{noformat}
#8  0x00007fed0977bda8 in pjsip_endpt_send_response2 (endpt=0xc48128, rdata=0x7febb000b988, tdata=0x7fec800e4b98, token=0x0, cb=0x0) at ../src/pjsip/sip_util.c:1814
        res_addr = {transport = 0x266fc08, addr = {addr = {sa_family = 2}, ipv4 = {sin_family = 2, sin_port = 50451, sin_addr = {s_addr = 864256081}, sin_zero = "000000000000000000000"}, ipv6 = {sin6_family = 2, sin6_port = 50451, sin6_flowinfo = 864256081, sin6_addr = {s6_addr = "000000000000000000000000b256X002000000000", u6_addr32 = {0, 0, 39366152, 0}}, sin6_scope_id = 2952844368}}, addr_len = 16, dst_host = {flag = 4, type = PJSIP_TRANSPORT_UDP, addr = {host = {ptr = 0x7fec800e57b0 "X.X.131.51 8 ", slen = 13}, port = 5061}}}
        status = 0
{noformat}

Specifically the following line:

{noformat}
dst_host = {flag = 4, type = PJSIP_TRANSPORT_UDP, addr = {host = {ptr = 0x7fec800e57b0 "X.X.131.51 8 ", slen = 13}, port = 5061}}}
{noformat}

The IP address has the IP and then ' 8 ', is this expected in this field? 

The 5061 port threw me but that's the destination host, so that could well be the case for UDP however mostly used for TLS.

At the time of the crash, there are no log entries. Only minutes before and once Asterisk restarts.

Regarding the optimised trace, Asterisk has been compiled correctly, therefore, shouldn't be showing optimised fields. The crash looks related to the PJSIP library, does the don't optimise flag get passed on building to the bundled version?


was (Author: rossbeer):
I have just uploaded another backtrace for this issue. One thing that has confused me is the following line:

{noformat}
#8  0x00007fed0977bda8 in pjsip_endpt_send_response2 (endpt=0xc48128, rdata=0x7febb000b988, tdata=0x7fec800e4b98, token=0x0, cb=0x0) at ../src/pjsip/sip_util.c:1814
        res_addr = {transport = 0x266fc08, addr = {addr = {sa_family = 2}, ipv4 = {sin_family = 2, sin_port = 50451, sin_addr = {s_addr = 864256081}, sin_zero = "000000000000000000000"}, ipv6 = {sin6_family = 2, sin6_port = 50451, sin6_flowinfo = 864256081, sin6_addr = {s6_addr = "000000000000000000000000b256X002000000000", u6_addr32 = {0, 0, 39366152, 0}}, sin6_scope_id = 2952844368}}, addr_len = 16, dst_host = {flag = 4, type = PJSIP_TRANSPORT_UDP, addr = {host = {ptr = 0x7fec800e57b0 "X.X.131.51 8 ", slen = 13}, port = 5061}}}
        status = 0
{noformat}

Specifically the following line:

{noformat}
dst_host = {flag = 4, type = PJSIP_TRANSPORT_UDP, addr = {host = {ptr = 0x7fec800e57b0 "X.X.131.51 8 ", slen = 13}, port = 5061}}}
{noformat}

The IP address has the IP and then ' 8 ', is this expected in this field? 

The 5061 port threw me but that's the destination host, so that could well be the case for UDP however mostly used for TLS.

At the time of the crash, there are no log entries. Only minutes before and once Asterisk restarts.

> Segfault in pjsip_message_ip_updater
> ------------------------------------
>
>                 Key: ASTERISK-27099
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27099
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_pjsip
>    Affects Versions: 14.5.0, GIT
>         Environment: Fedora 23
>            Reporter: Ross Beer
>            Assignee: Unassigned
>         Attachments: core.asterisk.90630.1499242994-thread1_CLEAN.txt, core.asterisk.txt
>
>
> Asterisk segfaults when replying to a message and selecting the transport:
> {noformat}
> #0  0x00007f728d704577 in __strncasecmp_l_avx () at /usr/lib64/libc.so.6
> #1  0x00007f729058c203 in pj_stricmp (str1=0x7f71400ce440, str2=0x7f71b5332930 <x_name>) at ../include/pj/string_i.h:222
>         min = 9
>         res = 32626
> #2  0x00007f72904dff54 in pjsip_param_find (param_list=0x7f71400ce3b0, name=0x7f71b5332930 <x_name>) at ../src/pjsip/sip_uri.c:38
>         p = 0x7f71400ce430
> #3  0x00007f71b5109f14 in multihomed_on_tx_message (tdata=0x7f71400cd958) at res_pjsip/pjsip_message_ip_updater.c:184
>         x_name = {ptr = 0x7f71b5121761 "x-ast-txp", slen = 9}
>         x_transport = <optimized out>
>         fromto = <optimized out>
>         contact = <optimized out>
>         hdr = 0x7f71400ce280
>         restrictions = 0x0
>         prm = {tp_type = 1074583896, tp_sel = 0x7f71b5121506, dst_host = {ptr = 0x7f71b5335f90 <response_headers+16> "", slen = 140126345917488}, local_if = 57842972, ret_addr = {ptr = 0x7f71b5127378 "res_pjsip/pjsip_global_headers.c", slen = 140124382617272}, ret_port = 40128, ret_tp = 0x7f71400cd958}
>         cseq = <optimized out>
>         via = <optimized out>
>         from = <optimized out>
>         __PRETTY_FUNCTION__ = "multihomed_on_tx_message"
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list