[asterisk-bugs] [JIRA] (ASTERISK-29097) res_pjsip_config_wizard: Crash when freeing string when failing to add extension

Joshua C. Colp (JIRA) noreply at issues.asterisk.org
Fri Sep 25 07:14:36 CDT 2020 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-29097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua C. Colp updated ASTERISK-29097:
--------------------------------------

    Summary: res_pjsip_config_wizard: Crash when freeing string when failing to add extension  (was: Asterisk 16.13.0 crashes with abort (no core dump))

> res_pjsip_config_wizard: Crash when freeing string when failing to add extension
> --------------------------------------------------------------------------------
>
>                 Key: ASTERISK-29097
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29097
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip_config_wizard
>    Affects Versions: 16.13.0
>         Environment: Gentoo Linux - official asterisk ebuild with "debug" use flag
>            Reporter: Vieri
>         Attachments: backtrace.txt
>
>
> Asterisk exits each time I issue:
> asterisk -rx "module reload res_pjsip.so"
> Tried pjproject v. 2.9 and 2.10.
> Asterisk exits with:
> Reloading module 'res_pjsip.so' (Basic SIP resource)
> double free or corruption (fasttop)
> Aborted
> A gdb backtrace is unsuccessful s to optimization even though debugging has been enabled (in progress):
> (gdb) bt
> #0  0x00007ffff74b5881 in raise () at /lib64/libc.so.6
> #1  0x00007ffff749f55b in abort () at /lib64/libc.so.6
> #2  0x00007ffff74f8118 in  () at /lib64/libc.so.6
> #3  0x00007ffff74ff4ba in  () at /lib64/libc.so.6
> #4  0x00007ffff7500ff5 in  () at /lib64/libc.so.6
> #5  0x00007ffff4669a90 in add_extension
>     (context=context at entry=0x5555570a4150, exten=exten at entry=0x7fff7c078565 "1001", priority=priority at entry=1, application=application at entry=0x7fff7c0774b1 "Gosub(default,${EXTEN},1(${HINT}))") at res_pjsip_config_wizard.c:478
> #6  0x00007ffff4669c53 in add_hints
>     (context=context at entry=0x7fff7c07741d "default", exten=exten at entry=0x7fff7c078565 "1001", application=application at entry=0x7fff7c0774b1 "Gosub(default,${EXTEN},1(${HINT}))", id=id at entry=0x7fff7c076ee0 "1001") at res_pjsip_config_wizard.c:521
> #7  0x00007ffff466b89c in handle_endpoint (wiz=<optimized out>, otw=0x555556177640, sorcery=0x5555559fe310) at res_pjsip_config_wizard.c:723
> #8  wizard_apply_handler (sorcery=sorcery at entry=0x5555559fe310, otw=otw at entry=0x555556177640, wiz=wiz at entry=0x7fff7c076ee0) at res_pjsip_config_wizard.c:1022
> #9  0x00007ffff466c664 in object_type_loaded_observer (name=<optimized out>, sorcery=0x5555559fe310, object_type=0x555555c8a030 "endpoint", reloaded=<optimized out>)
>     at res_pjsip_config_wizard.c:1116
> #10 0x00005555556b4a80 in sorcery_object_load (obj=0x555555c8a030, arg=arg at entry=0x7fffacc74c30, flags=flags at entry=2) at sorcery.c:1357
> #11 0x00005555555b9a7b in internal_ao2_traverse
>     (self=0x5555559fe398, flags=flags at entry=OBJ_NODATA, cb_fn=cb_fn at entry=0x5555556b4660 <sorcery_object_load>, arg=arg at entry=0x7fffacc74c30, data=data at entry=0x0, type=type at entry=AO2_CALLBACK_DEFAULT, tag=0x555555754a20 "", file=0x5555557873d3 "sorcery.c", line=1415, func=0x555555787ea0 <__PRETTY_FUNCTION__.12112> "ast_sorcery_reload") at astobj2_container.c:328
> #12 0x00005555555b9fec in __ao2_callback
>     (c=<optimized out>, flags=flags at entry=OBJ_NODATA, cb_fn=cb_fn at entry=0x5555556b4660 <sorcery_object_load>, arg=arg at entry=0x7fffacc74c30, tag=tag at entry=0x555555754a20 "", file=file at entry=0x5555557873d3 "sorcery.c", line=1415, func=0x555555787ea0 <__PRETTY_FUNCTION__.12112> "ast_sorcery_reload") at astobj2_container.c:414
> #13 0x00005555556b8334 in ast_sorcery_reload (sorcery=0x5555559fe310) at sorcery.c:1415
> #14 0x00007ffff6753265 in ast_res_pjsip_reload_configuration () at res_pjsip/pjsip_configuration.c:2056
> #15 0x00007ffff67308d9 in reload_configuration_task (obj=<optimized out>) at res_pjsip.c:5106
> #16 0x00007ffff6730801 in sync_task (data=0x7fffacbf71f0) at res_pjsip.c:4623
> #17 0x00005555556d87e2 in ast_taskprocessor_execute (tps=tps at entry=0x55555617eb50) at taskprocessor.c:1237
> #18 0x00005555556e0400 in execute_tasks (data=0x55555617eb50) at threadpool.c:1356
> #19 0x00005555556d87e2 in ast_taskprocessor_execute (tps=0x55555617b2c0) at taskprocessor.c:1237
> #20 0x00005555556df7f4 in threadpool_execute (pool=0x55555617a880) at threadpool.c:367
> #21 worker_active (worker=0x7fff84004b20) at threadpool.c:1137
> #22 worker_start (arg=arg at entry=0x7fff84004b20) at threadpool.c:1056
> #23 0x00005555556e6eeb in dummy_start (data=<optimized out>) at utils.c:1249
> #24 0x00007ffff77c7f27 in start_thread () at /lib64/libpthread.so.0
> #25 0x00007ffff7576bef in clone () at /lib64/libc.so.6



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list