[asterisk-bugs] [JIRA] (ASTERISK-29466) Asterisk crashes when the call hangs up a few seconds before it would send UPDATE

Joshua C. Colp (JIRA) noreply at issues.asterisk.org
Mon Jun 7 06:47:08 CDT 2021


     [ https://issues.asterisk.org/jira/browse/ASTERISK-29466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua C. Colp updated ASTERISK-29466:
--------------------------------------

    Severity: Minor  (was: Major)

> Asterisk crashes when the call hangs up a few seconds before it would send UPDATE
> ---------------------------------------------------------------------------------
>
>                 Key: ASTERISK-29466
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29466
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: pjproject/pjsip
>    Affects Versions: 18.4.0
>            Reporter: Sunny Narendra
>            Assignee: Unassigned
>
> To reproduce the crash:
>  * Set the Asterisk Session-Expires timer to 120 instead of using the default 1800 (timers_sess_expires=120). With this change, Asterisk will send the UPDATE every 60s.
> The call scenario:
> * A calls B
> * B answers the call
> * B hangs up after 0:57
> Core dump:
> {code:java}
> (gdb) bt
> #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
> #1  0x00007f0c75ec242a in __GI_abort () at abort.c:89
> #2  0x00007f0c75eb9e67 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x7f0c78d15b70 "inv->state < PJSIP_INV_STATE_DISCONNECTED", file=file@entry=0x7f0c78d150af "../src/pjsip-ua/sip_inv.c", line=line@entry=3064,
>     function=function@entry=0x7f0c78d162b0 <__PRETTY_FUNCTION__.8486> "pjsip_inv_update") at assert.c:92
> #3  0x00007f0c75eb9f12 in __GI___assert_fail (assertion=0x7f0c78d15b70 "inv->state < PJSIP_INV_STATE_DISCONNECTED", file=0x7f0c78d150af "../src/pjsip-ua/sip_inv.c", line=3064, function=0x7f0c78d162b0 <__PRETTY_FUNCTION__.8486> "pjsip_inv_update") at assert.c:101
> #4  0x00007f0c78c09811 in pjsip_inv_update (inv=0x7f0c68023c68, new_contact=0x0, offer=0x0, p_tdata=0x7f0c245f9ce8) at ../src/pjsip-ua/sip_inv.c:3063
> #5  0x00007f0c78c15680 in timer_cb (timer_heap=0x5597b71a04b0, entry=0x7f0c68023ed0) at ../src/pjsip-ua/sip_timer.c:398
> #6  0x00007f0c78d0d487 in pj_timer_heap_poll (ht=0x5597b71a04b0, next_delay=0x7f0c245f9e10) at ../src/pj/timer.c:913
> #7  0x00007f0c78c33f63 in pjsip_endpt_handle_events2 (endpt=0x5597b71a01c8, max_timeout=0x7f0c245f9e70, p_count=0x0) at ../src/pjsip/sip_endpoint.c:716
> #8  0x00007f0c78c340ee in pjsip_endpt_handle_events (endpt=0x5597b71a01c8, max_timeout=0x7f0c245f9e70) at ../src/pjsip/sip_endpoint.c:777
> #9  0x00007f0c2b2113e0 in monitor_thread_exec (endpt=0x0) at res_pjsip.c:5166
> #10 0x00007f0c78cef7b2 in thread_main (param=0x5597b73cb708) at ../src/pj/os_core_unix.c:541
> #11 0x00007f0c7736b4a4 in start_thread (arg=0x7f0c245fa700) at pthread_create.c:456
> #12 0x00007f0c75f76d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
> (gdb)
> {code}
> The following patch seems to fix the issue:
> {code:java}
> --- a/third-party/pjproject/patches/0011-sip_inv_patch.patch	Wed May 12 14:52:42 2021 +0000
> +++ b/third-party/pjproject/patches/0011-sip_inv_patch.patch	Wed May 12 14:52:57 2021 +0000
> @@ -15,11 +15,13 @@
>  index ca225015b..7c11b1c8e 100644
>  --- a/pjsip/src/pjsip-ua/sip_inv.c
>  +++ b/pjsip/src/pjsip-ua/sip_inv.c
> -@@ -323,9 +323,19 @@ static void inv_set_state(pjsip_inv_session *inv, pjsip_inv_state state,
> +@@ -323,9 +323,20 @@ static void inv_set_state(pjsip_inv_session *inv, pjsip_inv_state state,
>   	(*mod_inv.cb.on_state_changed)(inv, e);
>       pjsip_inv_dec_ref(inv);
>  -    /* Only decrement when previous state is not already DISCONNECTED */
> +-    if (state == PJSIP_INV_STATE_DISCONNECTED &&
> +-	prev_state != PJSIP_INV_STATE_DISCONNECTED)
>  +    /* The above callback may change the state, so we need to be careful here
>  +     * and only decrement inv under the following conditions:
>  +     * 1. If the state parameter is DISCONNECTED, and previous state is not
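Review bot: The explanatory comment that begins "The above callback may change the state" is carried as unchanged context at the end of this hunk, while the patch turns the decrement test from a single conjunction into an OR of two cases. The numbered conditions should be reworded to state which combinations of state, prev_state and inv->state now lead to pjsip_inv_dec_ref(inv), so that the comment and the condition it documents do not disagree.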
> @@ -30,10 +32,10 @@
>  +     *    inv within the callback. Note that this check must be last since
>  +     *    inv may have already been destroyed.
>  +     */
> -     if (state == PJSIP_INV_STATE_DISCONNECTED &&
> --	prev_state != PJSIP_INV_STATE_DISCONNECTED)
> -+	prev_state != PJSIP_INV_STATE_DISCONNECTED &&
> -+	inv->state == PJSIP_INV_STATE_DISCONNECTED)
> ++    if ((state == PJSIP_INV_STATE_DISCONNECTED &&
> ++	prev_state != PJSIP_INV_STATE_DISCONNECTED) ||
> ++	(prev_state != PJSIP_INV_STATE_DISCONNECTED &&
> ++	inv->state == PJSIP_INV_STATE_DISCONNECTED))
>       {
>   	pjsip_inv_dec_ref(inv);
>       }
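Review bot: The second half of the new condition, (prev_state != PJSIP_INV_STATE_DISCONNECTED && inv->state == PJSIP_INV_STATE_DISCONNECTED), reads inv->state whenever the first half is false, which includes calls where state is not DISCONNECTED; before this change inv->state was read only when state was DISCONNECTED. That read comes after the pjsip_inv_dec_ref(inv) call that precedes this block in the patched function, and the retained comment warns that inv may already have been destroyed, so please confirm a reference is still held on that path or explain why the read is safe. The description should also say how this reference-count change addresses the reported assertion, which fires in pjsip_inv_update called from timer_cb; nothing in the hunk touches the session timer.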
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)


