[asterisk-bugs] [JIRA] (ASTERISK-27393) res_pjsip: Crash occurs when an empty contact is specified on an AOR

Richard Mudgett (JIRA) noreply at issues.asterisk.org
Mon Nov 6 06:33:28 CST 2017


     [ https://issues.asterisk.org/jira/browse/ASTERISK-27393?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Mudgett updated ASTERISK-27393:
---------------------------------------

    Description: 
I have searched other issues similar to this, for example:
ASTERISK-25970

But the crash I met is different. It can be reproduced easily by supplying a contact with uri="".


The backtrace:

(gdb) bt
#0  pjsip_url_compare (context=PJSIP_URI_IN_CONTACT_HDR, url1=0x7f7e60029f88, url2=0x0) at ../src/pjsip/sip_uri.c:400
#1  0x00007f7e3ed38737 in pjsip_uri_cmp (uri2=<optimized out>, uri1=<optimized out>, context=PJSIP_URI_IN_CONTACT_HDR)
    at /home/cti-link/cti-link-webrtc/asterisk/asterisk-13.16.0/third-party/pjproject/source/pjsip/include/pjsip/sip_uri.h:287
#2  registrar_find_contact (obj=<optimized out>, arg=0x7f7e541c49b0, flags=<optimized out>) at res_pjsip_registrar.c:127
#3  0x000000000047dd3a in internal_ao2_traverse (self=0x7f7e60033fe8, flags=OBJ_SEARCH_NONE, cb_fn=0x7f7e3ed386f0 <registrar_find_contact>, arg=0x7f7e541c49b0, data=0x0, type=AO2_CALLBACK_DEFAULT, 
    tag=0x0, file=0x0, line=0, func=0x0) at astobj2_container.c:354
#4  0x000000000047e2de in __ao2_callback (c=0x7f7e60033fe8, flags=OBJ_SEARCH_NONE, cb_fn=0x7f7e3ed386f0 <registrar_find_contact>, arg=0x7f7e541c49b0) at astobj2_container.c:455
#5  0x00007f7e3ed39c06 in registrar_validate_contacts (deleted=<synthetic pointer>, updated=<synthetic pointer>, added=<synthetic pointer>, aor=0x7f7e60019db8, contacts=0x7f7e60033fe8, 
    rdata=0x7f7e6002c3a8) at res_pjsip_registrar.c:181
#6  register_aor_core (rdata=rdata@entry=0x7f7e6002c3a8, endpoint=endpoint@entry=0x7f7e60038618, aor=aor@entry=0x7f7e60019db8, aor_name=aor_name@entry=0x7f7e6001a270 "70000029023", 
    contacts=contacts@entry=0x7f7e60033fe8) at res_pjsip_registrar.c:342
#7  0x00007f7e3ed3bcf6 in register_aor (aor_name=0x7f7e6001a270 "70000029023", aor=0x7f7e60019db8, endpoint=0x7f7e60038618, rdata=0x7f7e6002c3a8) at res_pjsip_registrar.c:575
#8  registrar_on_rx_request (rdata=0x7f7e6002c3a8) at res_pjsip_registrar.c:760
#9  0x00007f7e8394c4b7 in pjsip_endpt_process_rx_data (endpt=<optimized out>, rdata=rdata@entry=0x7f7e6002c3a8, p=p@entry=0x7f7e56d15730 <param.24222>, p_handled=p_handled@entry=0x7f7e541c4bbc)
    at ../src/pjsip/sip_endpoint.c:887
#10 0x00007f7e56adebec in distribute (data=0x7f7e6002c3a8) at res_pjsip/pjsip_distributor.c:770
#11 0x000000000071b0cd in ast_taskprocessor_execute (tps=0x2b77b50) at taskprocessor.c:965
#12 0x000000000072f92d in execute_tasks (data=0x2b77b50) at threadpool.c:1322
#13 0x000000000071b0cd in ast_taskprocessor_execute (tps=0x28bfae0) at taskprocessor.c:965
#14 0x000000000072c591 in threadpool_execute (pool=0x28c17f0) at threadpool.c:351
#15 0x000000000072ed33 in worker_active (worker=0x7f7e700009a0) at threadpool.c:1105
#16 0x000000000072e996 in worker_start (arg=0x7f7e700009a0) at threadpool.c:1024
#17 0x00000000007428d6 in dummy_start (data=0x7f7e70000ab0) at utils.c:1238
#18 0x00007f7e81de0dc5 in start_thread () from /lib64/libpthread.so.0
#19 0x00007f7e810cc6ed in clone () from /lib64/libc.so.6

  was:
I have searched other issues similar to this, for example:
https://issues.asterisk.org/jira/browse/ASTERISK-25970

But the crash I met is different. It can be reproduced easily by supplying a contact with uri="".


The backtrace:

(gdb) bt
#0  pjsip_url_compare (context=PJSIP_URI_IN_CONTACT_HDR, url1=0x7f7e60029f88, url2=0x0) at ../src/pjsip/sip_uri.c:400
#1  0x00007f7e3ed38737 in pjsip_uri_cmp (uri2=<optimized out>, uri1=<optimized out>, context=PJSIP_URI_IN_CONTACT_HDR)
    at /home/cti-link/cti-link-webrtc/asterisk/asterisk-13.16.0/third-party/pjproject/source/pjsip/include/pjsip/sip_uri.h:287
#2  registrar_find_contact (obj=<optimized out>, arg=0x7f7e541c49b0, flags=<optimized out>) at res_pjsip_registrar.c:127
#3  0x000000000047dd3a in internal_ao2_traverse (self=0x7f7e60033fe8, flags=OBJ_SEARCH_NONE, cb_fn=0x7f7e3ed386f0 <registrar_find_contact>, arg=0x7f7e541c49b0, data=0x0, type=AO2_CALLBACK_DEFAULT, 
    tag=0x0, file=0x0, line=0, func=0x0) at astobj2_container.c:354
#4  0x000000000047e2de in __ao2_callback (c=0x7f7e60033fe8, flags=OBJ_SEARCH_NONE, cb_fn=0x7f7e3ed386f0 <registrar_find_contact>, arg=0x7f7e541c49b0) at astobj2_container.c:455
#5  0x00007f7e3ed39c06 in registrar_validate_contacts (deleted=<synthetic pointer>, updated=<synthetic pointer>, added=<synthetic pointer>, aor=0x7f7e60019db8, contacts=0x7f7e60033fe8, 
    rdata=0x7f7e6002c3a8) at res_pjsip_registrar.c:181
#6  register_aor_core (rdata=rdata@entry=0x7f7e6002c3a8, endpoint=endpoint@entry=0x7f7e60038618, aor=aor@entry=0x7f7e60019db8, aor_name=aor_name@entry=0x7f7e6001a270 "70000029023", 
    contacts=contacts@entry=0x7f7e60033fe8) at res_pjsip_registrar.c:342
#7  0x00007f7e3ed3bcf6 in register_aor (aor_name=0x7f7e6001a270 "70000029023", aor=0x7f7e60019db8, endpoint=0x7f7e60038618, rdata=0x7f7e6002c3a8) at res_pjsip_registrar.c:575
#8  registrar_on_rx_request (rdata=0x7f7e6002c3a8) at res_pjsip_registrar.c:760
#9  0x00007f7e8394c4b7 in pjsip_endpt_process_rx_data (endpt=<optimized out>, rdata=rdata@entry=0x7f7e6002c3a8, p=p@entry=0x7f7e56d15730 <param.24222>, p_handled=p_handled@entry=0x7f7e541c4bbc)
    at ../src/pjsip/sip_endpoint.c:887
#10 0x00007f7e56adebec in distribute (data=0x7f7e6002c3a8) at res_pjsip/pjsip_distributor.c:770
#11 0x000000000071b0cd in ast_taskprocessor_execute (tps=0x2b77b50) at taskprocessor.c:965
#12 0x000000000072f92d in execute_tasks (data=0x2b77b50) at threadpool.c:1322
#13 0x000000000071b0cd in ast_taskprocessor_execute (tps=0x28bfae0) at taskprocessor.c:965
#14 0x000000000072c591 in threadpool_execute (pool=0x28c17f0) at threadpool.c:351
#15 0x000000000072ed33 in worker_active (worker=0x7f7e700009a0) at threadpool.c:1105
#16 0x000000000072e996 in worker_start (arg=0x7f7e700009a0) at threadpool.c:1024
#17 0x00000000007428d6 in dummy_start (data=0x7f7e70000ab0) at utils.c:1238
#18 0x00007f7e81de0dc5 in start_thread () from /lib64/libpthread.so.0
#19 0x00007f7e810cc6ed in clone () from /lib64/libc.so.6


> res_pjsip: Crash occurs when an empty contact is specified on an AOR
> --------------------------------------------------------------------
>
>                 Key: ASTERISK-27393
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27393
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip
>    Affects Versions: 13.16.0
>         Environment: CentOS6.5 X64
>            Reporter: Aaron An
>            Assignee: Aaron An
>            Severity: Minor



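Added example, not part of the original report and not Asterisk or pjproject code: frame #0 of the backtrace shows url2=0x0 reaching the URI comparator from the contact-lookup callback. The sketch below models that pattern with hypothetical names (toy_uri, toy_parse, toy_cmp, find_contact) and shows the guard that keeps an unparsable contact away from a comparator that dereferences both arguments. It assumes the NULL comes from a stored contact of "" failing to parse.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a parsed SIP URI; not a pjproject type. */
struct toy_uri { char user[64]; char host[64]; };

/* Toy parser: returns NULL for "" or anything that is not sip:user@host,
 * the way a real URI parser reports failure with a NULL result. */
static struct toy_uri *toy_parse(const char *s, struct toy_uri *out)
{
    const char *at;
    size_t ulen, hlen;

    if (!s || strncmp(s, "sip:", 4) != 0) return NULL;
    s += 4;
    at = strchr(s, '@');
    if (!at) return NULL;
    ulen = (size_t)(at - s);
    hlen = strlen(at + 1);
    if (ulen == 0 || hlen == 0 ||
        ulen >= sizeof out->user || hlen >= sizeof out->host)
        return NULL;
    memcpy(out->user, s, ulen);
    out->user[ulen] = '\0';
    memcpy(out->host, at + 1, hlen + 1);   /* includes the terminator */
    return out;
}

/* Comparator that, like the crashing frame, assumes both pointers are valid. */
static int toy_cmp(const struct toy_uri *a, const struct toy_uri *b)
{
    return strcmp(a->user, b->user) || strcmp(a->host, b->host);
}

/* Hardened lookup: a contact that fails to parse is skipped instead of
 * being handed to the comparator as NULL. Returns the match index or -1. */
int find_contact(const char *const stored[], size_t n, const char *incoming)
{
    struct toy_uri in_buf, st_buf;
    const struct toy_uri *in = toy_parse(incoming, &in_buf);
    size_t i;

    if (!in) return -1;            /* unparsable contact in the request */
    for (i = 0; i < n; i++) {
        const struct toy_uri *st = toy_parse(stored[i], &st_buf);
        if (!st) continue;         /* e.g. a contact stored as uri="" */
        if (toy_cmp(in, st) == 0) return (int)i;
    }
    return -1;
}
```

Removing the `if (!st) continue;` line reproduces the same class of fault as the backtrace: the comparator is called with a NULL second argument.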