[asterisk-bugs] [JIRA] (ASTERISK-27061) res_pjsip: Crash/segfault during T.38 reinvite / negotiation

Bryan Nelson (JIRA) noreply at issues.asterisk.org
Wed Apr 4 18:35:51 CDT 2018 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-27061?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=242943#comment-242943 ] 

Bryan Nelson commented on ASTERISK-27061:
-----------------------------------------

We experienced a possibly related crash today, with a bit of a simpler setup.  I am attempting to build a SIPP testing scenario now to reliably reproduce the crash.

Incoming call to asterisk, asterisk answers, fax detect sends to fax extension, FaxReceive() begins, asterisk sends re-invite to T.38, far end responds with an OK that lacks an ip address in the c header of the SDP:

{quote}
v=0
o=Sonus_UAC 29312 16158 IN IP4 *redacted*
s=SIP Media Capabilities
*c=IN IP4* 
t=0 0
m=image 0 udptl t38
a=T38FaxVersion:0
a=T38MaxBitRate:14400
a=T38FaxRateManagement:transferredTCF
a=T38FaxMaxDatagram:1400
a=T38FaxUdpEC:t38UDPRedundancy
a=sendrecv
{quote}

Attached are the results of of core dump.

> res_pjsip: Crash/segfault during T.38 reinvite / negotiation
> ------------------------------------------------------------
>
>                 Key: ASTERISK-27061
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27061
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip, Resources/res_pjsip_session
>    Affects Versions: 13.16.0
>         Environment: Centos 6, 64 bit
>            Reporter: Michael Maier
>              Labels: fax, pjsip
>         Attachments: 2018-04-04T11-19-06-0600-brief.txt, 2018-04-04T11-19-06-0600-full.txt, 2018-04-04T11-19-06-0600-locks.txt, 2018-04-04T11-19-06-0600-thread1.txt, asterisk-sigseg.coredump, callflow-1.png, callflow-2.png, core.myfw-2017-06-20T18-35-52+0200-brief.txt, core.myfw-2017-06-20T18-35-52+0200-full.txt, core.myfw-2017-06-20T18-35-52+0200-locks.txt, core.myfw-2017-06-20T18-35-52+0200-thread1.txt, core.tar.gz, sigseg-on-reinvite
>
>
> sigseg happens during sending of a fax / t.38 the following way:
> fax client -> asterisk -> telekom -> easybell -> asterisk -> fax server
> Fax server sends t.38 reinvite via asterisk to easybell.
> {noformat}
>    Session Description Protocol Version (v): 0
>    Owner/Creator, Session Id (o): - 2447581897 4 IN IP4 46.17.15.23
>    Session Name (s): Asterisk
>    Connection Information (c): IN IP4 46.17.15.23
>    Time Description, active time (t): 0 0
>    Media Description, name and address (m): image 4573 udptl t38
>    Media Attribute (a): T38FaxVersion:0
>    Media Attribute (a): T38MaxBitRate:14400
>    Media Attribute (a): T38FaxRateManagement:transferredTCF
>    Media Attribute (a): T38FaxMaxDatagram:397
>    Media Attribute (a): T38FaxUdpEC:t38UDPRedundancy
> {noformat}
> This reinvite is received by asterisk via telekom:
> {noformat}
>    Session Description Protocol Version (v): 0
>    Owner/Creator, Session Id (o): - 1811299599 2925027276 IN IP4 0.0.0.0
>    Session Name (s): -
>    Time Description, active time (t): 0 0
>    Media Description, name and address (m): image 0 udptl t38
>    Media Attribute (a): sendrecv
>    Media Attribute (a): T38FaxVersion:0
>    Media Attribute (a): T38MaxBitRate:14400
>    Media Attribute (a): T38FaxRateManagement:transferredTCF
>    Media Attribute (a): T38FaxMaxDatagram:397
>    Media Attribute (a): T38FaxUdpEC:t38UDPRedundancy
> {noformat}
> And asterisk gives it to the fax client:
> {noformat}
>    Session Description Protocol Version (v): 0
>    Owner/Creator, Session Id (o): - 1497774025 5 IN IP4 192.168.12.13
>    Session Name (s): Asterisk
>    Connection Information (c): IN IP4 192.168.12.13
>    Time Description, active time (t): 0 0
>    Media Description, name and address (m): image 4284 udptl t38
>    Media Attribute (a): T38FaxVersion:0
>    Media Attribute (a): T38MaxBitRate:14400
>    Media Attribute (a): T38FaxRateManagement:transferredTCF
>    Media Attribute (a): T38FaxMaxDatagram:393
>    Media Attribute (a): T38FaxUdpEC:t38UDPRedundancy
> {noformat}
> Completely ignoring, that telekom doesn't support it (port and ip
> addresses are set to 0).
> On completing the negotiation after 200 ok SDP and ACK from fax client,
> asterisk crashes. Stack trace and asterisk log is attached!



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list