[asterisk-bugs] [JIRA] (ASTERISK-28800) core: SIGSEGV on DTMF when some modules not loaded

Sebastian Kemper (JIRA) noreply at issues.asterisk.org
Thu Dec 24 14:04:16 CST 2020


    [ https://issues.asterisk.org/jira/browse/ASTERISK-28800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=253204#comment-253204 ] 

Sebastian Kemper commented on ASTERISK-28800:
---------------------------------------------

Merry Christmas,

We have a bug open now for this as well: https://github.com/openwrt/telephony/issues/597

I did a git-bisect in branch "16" between ca. 16.3.0 and the last commit in "16". It turned up with commit: 43d4c0e3c9ac27ea0b3cd49085e72465b63e3014 "channel.c: Resolve issue with receiving SIP INFO packets for DTMF". Without this commit there is no segfault. Loading the timerfd module works, too.

I did a backtrace, but I'm not really knowledgeable when it comes to BTs, so I'll just post it here, maybe it helps, maybe it doesn't.

Thread 2 "asterisk" received signal SIGSEGV, Segmentation fault.
ast_timer_set_rate (handle=0x0, rate=rate@entry=50) at timing.c:168
168		return handle->holder->iface->timer_set_rate(handle->data, rate);
(gdb) bt
#0  ast_timer_set_rate (handle=0x0, rate=rate@entry=50) at timing.c:168
#1  0x00469ae7 in __ast_read (chan=0x6a62b8, dropaudio=dropaudio@entry=0, dropnondefault=dropnondefault@entry=0) at channel.c:3952
#2  0x0046a88f in ast_read_stream (chan=<optimized out>) at channel.c:4278
#3  0x0045598d in bridge_handle_trip (bridge_channel=0x6fae08) at bridge_channel.c:2623
#4  bridge_channel_wait (bridge_channel=0x6fae08) at bridge_channel.c:2838
#5  bridge_channel_internal_join (bridge_channel=bridge_channel@entry=0x6fae08) at bridge_channel.c:2989
#6  0x00449651 in ast_bridge_join (bridge=bridge@entry=0x6a8518, chan=chan@entry=0x6a62b8, swap=swap@entry=0x0, features=features@entry=0x77872700, 
    tech_args=tech_args@entry=0x0, flags=flags@entry=(AST_BRIDGE_JOIN_PASS_REFERENCE | AST_BRIDGE_JOIN_INHIBIT_JOIN_COLP)) at bridge.c:1725
#7  0x00500d5b in ast_bridge_call_with_flags (warning: GDB can't find the start of the function at 0x77041114.

    GDB is unable to find the start of the function at 0x77041114
and thus can't determine the size of that function's stack frame.
This means that GDB may be unable to access that stack frame, or
the frames below it.
    This problem is most likely caused by an invalid program counter or
stack pointer.
    However, if you think GDB should simply search farther back
from 0x77041114 for code which looks like the beginning of a
function, you can increase the range of the search using the `set
heuristic-fence-post' command.
chan=0x6a62b8, peer=<optimized out>, config=<optimized out>, flags=flags@entry=0) at features.c:679
#8  0x00500dbd in ast_bridge_call (chan=<optimized out>, peer=<optimized out>, config=<optimized out>) at features.c:718
#9  0x77041115 in ?? ()
(gdb) c
Continuing.

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb) q

Best regards,
Seb

> core: SIGSEGV on DTMF when some modules not loaded
> --------------------------------------------------
>
>                 Key: ASTERISK-28800
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28800
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/General
>    Affects Versions: 16.7.0, 16.8.0, 16.9.0
>            Reporter: Adrien Martin
>            Assignee: Unassigned
>              Labels: patch
>         Attachments: core-brief.txt, core-full.txt, core-locks.txt, core.tar.gz, core-thread1.txt, extensions.conf, inbound.conf, modules.conf, peers.conf, rtp.conf, sip.conf, tag-16.14.1-no-timer.patch
>
>
> During a call, when the caller sends a DTMF (using the method negotiated in SDP and configured for the peer), Asterisk ends with SIGSEGV.
> The versions I tested (using chan_sip) were:
> * 16.2.1 with Debian patches (which we are using at the moment), no crash,
> * 16.6.0 with Debian patches, no crash,
> * 16.7.0/16.8.0/16.9.0 with Debian patches, segfault,
> * 16.9.0 built from the upstream archive without packaging or patches, segfault.
> The crash happens while playing a .wav, in a call, or with Answer+Echo.
> It happens either before the call is answered or after.
> It happens with dtmfmode set to 2833 or info.
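The crash mechanism visible in the backtrace above (ast_timer_set_rate dereferencing handle=0x0 at timing.c:168 because no timing module such as timerfd was loaded), as an added C illustration that is not Asterisk's code: the struct names, the fake_* objects, timer_open and start_dtmf_timer are hypothetical stand-ins for the handle/holder/iface chain and for the DTMF path in __ast_read() that calls it.

```c
#include <stddef.h>
#include <stdio.h>
/* Added model of the call path in the backtrace (not Asterisk's code): a timer
 * handle -> holder -> loaded timing module interface. Names are hypothetical. */
struct timing_iface { int (*timer_set_rate)(void *data, unsigned int rate); };
struct timing_holder { struct timing_iface *iface; };
struct timer { struct timing_holder *holder; void *data; };
static int fake_set_rate(void *data, unsigned int rate)
{
    (void)data;
    printf("timer rate set to %u Hz\n", rate);
    return 0;
}
static struct timing_iface fake_iface = { fake_set_rate };
static struct timing_holder fake_holder = { &fake_iface };
static struct timer fake_timer = { &fake_holder, NULL };
/* Like ast_timer_open(): NULL when no timing module (e.g. timerfd) is loaded. */
static struct timer *timer_open(int timing_module_loaded)
{
    return timing_module_loaded ? &fake_timer : NULL;
}

/* Shape of timing.c:168 in the trace: handle is dereferenced unconditionally,
 * so handle == NULL is exactly the SIGSEGV shown. */
static int set_rate_unchecked(struct timer *handle, unsigned int rate)
{
    return handle->holder->iface->timer_set_rate(handle->data, rate);
}
/* Hardened form: a missing timer becomes an error the caller can act on. */
static int set_rate_checked(struct timer *handle, unsigned int rate)
{
    if (!handle || !handle->holder || !handle->holder->iface) {
        return -1;
    }
    return handle->holder->iface->timer_set_rate(handle->data, rate);
}
/* Models the DTMF branch of __ast_read(): 0 on success, -1 when no timer. */
static int start_dtmf_timer(int timing_module_loaded, unsigned int rate)
{
    return set_rate_checked(timer_open(timing_module_loaded), rate);
}

int main(void)
{
    set_rate_unchecked(&fake_timer, 50);               /* timer present: fine */
    printf("no timer: %d\n", start_dtmf_timer(0, 50)); /* -1, not a crash */
    return 0;
}
```

With the timing module absent the checked path returns -1 where the unchecked path would fault on the NULL handle, which is the condition the attached no-timer patch and a loaded timerfd module both avoid.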



--
This message was sent by Atlassian JIRA
(v6.2#6252)


