[asterisk-bugs] [JIRA] (ASTERISK-27928) segfault in channel_read_pjsip, dereferencing chan

Simone Lazzaris (JIRA) noreply at issues.asterisk.org
Wed Jun 20 08:38:54 CDT 2018 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-27928?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=243867#comment-243867 ] 

Simone Lazzaris commented on ASTERISK-27928:
--------------------------------------------

I'm trying to write a patch adding some sanity check before dereferencing the *char pointer. I'll submit as soon as they are tested in our environment

> segfault in channel_read_pjsip, dereferencing chan
> --------------------------------------------------
>
>                 Key: ASTERISK-27928
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27928
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_pjsip
>    Affects Versions: 13.14.1
>         Environment: Debian 9, installed from packages.
>            Reporter: Simone Lazzaris
>              Labels: pjsip
>
> Sporadically (i.e. maybe once a day) in a very busy server asterisk segfaults trying to dereference a null pointer.
> It is similar, but not the same, to issue  ASTERISK-26467. 
> This is the backtrace from the core dump:
> #0  ast_channel_tech_pvt (chan=chan at entry=0x0) at channel_internal_api.c:756
> #1  0x00007f6db93924e1 in channel_read_pjsip (chan=0x0, type=0x7f6db34a5836 "call-id", buf=0x7f6db34a5b30 "", buflen=128, field=<optimized out>) at pjsip/dialplan_functions.c:646
> #2  0x00007f6db9392f19 in read_pjsip (data=0x7f6db34a5860) at pjsip/dialplan_functions.c:764
> #3  0x00007f6df8d914b0 in sync_task (data=0x7f6db34a5770) at res_pjsip.c:3966
> #4  0x000055e59d7510e8 in ast_taskprocessor_execute (tps=tps at entry=0x55e59fe9a720) at taskprocessor.c:965
> #5  0x000055e59d7590a0 in execute_tasks (data=0x55e59fe9a720) at threadpool.c:1322
> #6  0x000055e59d7510e8 in ast_taskprocessor_execute (tps=0x55e5a02994d0) at taskprocessor.c:965
> #7  0x000055e59d758a74 in threadpool_execute (pool=0x55e5a0297e20) at threadpool.c:351
> #8  worker_active (worker=0x7f6df00046c0) at threadpool.c:1105
> #9  worker_start (arg=arg at entry=0x7f6df00046c0) at threadpool.c:1024
> #10 0x000055e59d76108c in dummy_start (data=<optimized out>) at utils.c:1235
> #11 0x00007f6e807f0494 in start_thread (arg=0x7f6dafdea700) at pthread_create.c:333
> #12 0x00007f6e7f3faacf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list