[asterisk-bugs] [JIRA] (ASTERISK-29215) res_pjsip_session: NULL active_media_state topology caused asterisk crash

sungtae kim (JIRA) noreply at issues.asterisk.org
Wed Dec 16 20:28:16 CST 2020 

sungtae kim created ASTERISK-29215:
--------------------------------------

             Summary: res_pjsip_session: NULL active_media_state topology caused asterisk crash
                 Key: ASTERISK-29215
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29215
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Resources/res_pjsip_session
    Affects Versions: 18.1.0
            Reporter: sungtae kim
            Severity: Minor


NULL active_media_state topology causing an Asterisk crash

[code]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/asterisk -f -g -C /etc/asterisk/asterisk.conf'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00005571c1e9faec in ast_stream_topology_get_count (topology=0x0) at stream.c:769
769		return AST_VECTOR_SIZE(&topology->streams);
[Current thread is 1 (Thread 0x7fabe5f88700 (LWP 13628))]
(gdb) where
#0  0x00005571c1e9faec in ast_stream_topology_get_count (topology=0x0) at stream.c:769
#1  0x00005571c1e9f72a in ast_stream_topology_equal (left=0x0, right=0x7fabe80175e8) at stream.c:704
#2  0x00007fabe65a05a4 in sip_session_refresh (session=0x7fabe0066150, on_request_creation=0x0, on_sdp_creation=0x0, on_response=0x7fabe64ffbfc <on_topology_change_response>, 
    method=AST_SIP_SESSION_REFRESH_METHOD_INVITE, generate_new_sdp=1, pending_media_state=0x7fabe8017fb0, active_media_state=0x7fabe0064c70, queued=1) at res_pjsip_session.c:2291
#3  0x00007fabe659a78a in send_delayed_request (session=0x7fabe0066150, delay=0x7fabe00260e0) at res_pjsip_session.c:1400
#4  0x00007fabe659b08b in invite_terminated (vsession=0x7fabe0066150) at res_pjsip_session.c:1512
#5  0x00005571c1ea8254 in ast_taskprocessor_execute (tps=0x7fabe0066920) at taskprocessor.c:1237
#6  0x00005571c1eb1e8f in execute_tasks (data=0x7fabe0066920) at threadpool.c:1354
#7  0x00005571c1ea8254 in ast_taskprocessor_execute (tps=0x5571c300df30) at taskprocessor.c:1237
#8  0x00005571c1eafa93 in threadpool_execute (pool=0x5571c300c950) at threadpool.c:367
#9  0x00005571c1eb16d0 in worker_active (worker=0x7fabf4001340) at threadpool.c:1137
#10 0x00005571c1eb1442 in worker_start (arg=0x7fabf4001340) at threadpool.c:1056
#11 0x00005571c1ebb170 in dummy_start (data=0x5571c2f666e0) at utils.c:1299
#12 0x00007fac07537fa3 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#13 0x00007fac06fcb4cf in clone () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) frame 0
l#0  0x00005571c1e9faec in ast_stream_topology_get_count (topology=0x0) at stream.c:769
i769		return AST_VECTOR_SIZE(&topology->streams);
(gdb) list
764	
765	int ast_stream_topology_get_count(const struct ast_stream_topology *topology)
766	{
767		ast_assert(topology != NULL);
768	
769		return AST_VECTOR_SIZE(&topology->streams);
770	}
771	
772	int ast_stream_topology_get_active_count(const struct ast_stream_topology *topology)
773	{
(gdb) p topology
$1 = (const struct ast_stream_topology *) 0x0
(gdb) f 2
#2  0x00007fabe65a05a4 in sip_session_refresh (session=0x7fabe0066150, on_request_creation=0x0, on_sdp_creation=0x0, on_response=0x7fabe64ffbfc <on_topology_change_response>, 
    method=AST_SIP_SESSION_REFRESH_METHOD_INVITE, generate_new_sdp=1, pending_media_state=0x7fabe8017fb0, active_media_state=0x7fabe0064c70, queued=1) at res_pjsip_session.c:2291
2291					topology_change_request = !ast_stream_topology_equal(active_media_state->topology, pending_media_state->topology);
(gdb) p
$2 = (const struct ast_stream_topology *) 0x0
(gdb) list
2286					 * We need to check if the passed in active and pending states are equal
2287					 * before we run the media states resolver.  We'll use the flag later
2288					 * to signal whether this was topology change or some other change such
2289					 * as a connected line change.
2290					 */
2291					topology_change_request = !ast_stream_topology_equal(active_media_state->topology, pending_media_state->topology);
2292	
2293					ast_trace(-1, "%s: Active media state exists and is%s equal to pending\n", ast_sip_session_get_name(session),
2294						topology_change_request ? " not" : "");
2295					ast_trace(-1, "%s: DP: %s\n", ast_sip_session_get_name(session), ast_str_tmp(256, ast_stream_topology_to_str(pending_media_state->topology, &STR_TMP)));
(gdb) p active_media_state->topology
$3 = (struct ast_stream_topology *) 0x0
(gdb) 
[code]



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list