[asterisk-bugs] [JIRA] (ASTERISK-29376) res_rtp_asterisk: Coredump with t.140 RED enabled

Thomas Johnson (JIRA) noreply at issues.asterisk.org
Wed Jun 2 10:08:17 CDT 2021 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-29376?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=255072#comment-255072 ] 

Thomas Johnson commented on ASTERISK-29376:
-------------------------------------------

I modified red_write to add some logging.    However, I am confused, the crash (from the brief.txt) occurs on the if statement, but it was able to log after the crash.   I've attached a temp.zip which includes the asterisk log, and the modified res_rtp_astersik.c from Asterisk 18.4.    Also attached the brief since the whole .tar.gz is too big.   Any suggestions?

I seem to be able to consistently crash Asterisk by placing two t140 RED calls answering both and the dropping the first one.   The crash does seem to be in the drop.   My thought is the pointer was freed and the scheduled task still ran, but if you look at the modified res_rtp_asterisk, the logs saying it was being freed were not logged.



> res_rtp_asterisk: Coredump with t.140 RED enabled
> -------------------------------------------------
>
>                 Key: ASTERISK-29376
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29376
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_rtp_asterisk
>    Affects Versions: 17.8.1
>         Environment: RedHat 8
>            Reporter: Thomas Johnson
>            Assignee: Unassigned
>         Attachments: core.asterisk.2431.ipswitchdev66.microautomation.local.1617722782-brief.txt, core.asterisk.2431.ipswitchdev66.microautomation.local.1617722782-full.txt, core.asterisk.2431.ipswitchdev66.microautomation.local.1617722782-info.txt, core.asterisk.2431.ipswitchdev66.microautomation.local.1617722782-locks.txt, core.asterisk.2431.ipswitchdev66.microautomation.local.1617722782-thread1.txt, core.asterisk.296402.ipswitchdev66.microautomation.local.1622643818-brief.txt, debug_log_123456.gz, temp.zip
>
>
> Asterisk will randomly coredump if RED is allowed.  The exception is in an apparent scheduled callback to red_write.   I tried modifying the function to check for NULL pointers, but it still crashes due to possibly an invalid pointer.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list