[asterisk-bugs] [JIRA] (ASTERISK-26764) chan_pjsip: Crash looking up PJSIP call-id on hungup channel.

Richard Mudgett (JIRA) noreply at issues.asterisk.org
Tue Mar 7 11:19:10 CST 2017


    [ https://issues.asterisk.org/jira/browse/ASTERISK-26764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=235586#comment-235586 ] 

Richard Mudgett commented on ASTERISK-26764:
--------------------------------------------

I didn't have to do anything particularly special and this crash only happened once to me.  My test box is a nine-year-old Dell Vostro 200 with kubuntu 10.4 installed.  On the test box, I build Asterisk with bundled pjproject, no optimization, and BETTER_BACKTRACES to get the best backtraces.  I enable MALLOC_DEBUG and DO_CRASH to catch memory corruption issues when detected.  I build, install, and load just about all modules.  In my case it was a race-condition interaction with the res_hep_rtcp module using CHANNEL(pjsip,call-id) on a channel that was going away.  The res_hep_rtcp module is not needed by this particular test as it is not what the test is trying to verify.  My initial examination of the crash showed that CHANNEL(pjsip,xxx) needs better protection from pjsip channels that may disappear while trying to get the requested channel information.

> chan_pjsip: Crash looking up PJSIP call-id on hungup channel.
> -------------------------------------------------------------
>
>                 Key: ASTERISK-26764
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26764
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_pjsip
>    Affects Versions: 13.13.1
>         Environment: kubuntu 10.04 32-bit
>            Reporter: Richard Mudgett
>         Attachments: asterisk_26764_testsuite_logs.zip, backtrace.txt, full backtrace.txt
>
>
> Got a crash during testsuite test:
> channels/pjsip/transfers/blind_transfer/caller_refer_only
> res_hep_rtcp was processing a stasis bus message and trying to look up the PJSIP channel's call-id in assign_uuid().  This is a third-party thread trying to get the call-id of a channel that may get hung up while trying to get the information.  The dialplan function CHANNEL(pjsip,call-id) calls pjsip_acf_channel_read() which indirectly calls read_pjsip() in another thread.  read_pjsip() then calls channel_read_pjsip() which can crash if the channel is hung up by the time execution gets to channel_read_pjsip().



--
This message was sent by Atlassian JIRA
(v6.2#6252)
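
A simplified model of the race described above, added as an example here and not taken from Asterisk or from the issue: the queued read holds its own channel reference and re-checks the session under the lock, so a hangup that wins the race produces an error return instead of a read through a stale pointer. All type and function names are hypothetical, and the interleaving is replayed deterministically in a single thread.

```c
/* Added illustration: simplified model, not Asterisk source. All names hypothetical. */
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
struct session { char call_id[64]; };
struct channel {
    pthread_mutex_t lock;
    int refs;                /* guarded by lock */
    struct session *session; /* NULL once hung up; guarded by lock */
};
static struct channel *chan_new(const char *call_id) {
    struct channel *c = calloc(1, sizeof(*c));
    if (!c || !(c->session = calloc(1, sizeof(*c->session)))) { free(c); return NULL; }
    pthread_mutex_init(&c->lock, NULL);
    c->refs = 1;
    snprintf(c->session->call_id, sizeof(c->session->call_id), "%s", call_id);
    return c;
}
/* Adjust the reference count; dropping the last reference frees the channel. */
static void chan_ref(struct channel *c, int delta) {
    pthread_mutex_lock(&c->lock);
    int left = (c->refs += delta);
    pthread_mutex_unlock(&c->lock);
    if (left == 0) { free(c->session); pthread_mutex_destroy(&c->lock); free(c); }
}
/* Hangup tears down the session; the channel lives until the last unref. */
static void chan_hangup(struct channel *c) {
    pthread_mutex_lock(&c->lock);
    free(c->session); c->session = NULL;
    pthread_mutex_unlock(&c->lock);
}
/* Deferred task: re-check the session under the lock, then drop the queued ref. */
static int read_call_id_task(struct channel *c, char *buf, size_t len) {
    int res = -1;            /* -1: channel was hung up before the task ran */
    pthread_mutex_lock(&c->lock);
    if (c->session) { snprintf(buf, len, "%s", c->session->call_id); res = 0; }
    pthread_mutex_unlock(&c->lock);
    chan_ref(c, -1);
    return res;
}
/* Replays the reported interleaving: queue the read, optionally hang up first. */
static int lookup(int hangup_first, char *buf, size_t len) {
    struct channel *c = chan_new("constructed-call-id@example.invalid");
    if (!c) return -2;
    chan_ref(c, +1);                   /* held on behalf of the queued task */
    if (hangup_first) chan_hangup(c);
    int res = read_call_id_task(c, buf, len);
    chan_ref(c, -1);                   /* owner's reference */
    return res;
}
```

In this model a third-party caller has to treat a negative return as "channel gone" and skip the field rather than retry against the same channel.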


