[asterisk-bugs] [JIRA] (ASTERISK-29215) res_pjsip_session: NULL active_media_state topology caused asterisk crash

Joshua C. Colp (JIRA) noreply at issues.asterisk.org
Wed Mar 10 11:24:15 CST 2021 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-29215?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Work on ASTERISK-29215 stopped by Joshua C. Colp.

> res_pjsip_session: NULL active_media_state topology caused asterisk crash
> -------------------------------------------------------------------------
>
>                 Key: ASTERISK-29215
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29215
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip_session
>    Affects Versions: 18.1.0
>            Reporter: sungtae kim
>            Assignee: sungtae kim
>
> NULL active_media_state topology causing an Asterisk crash
> {noformat}
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> Core was generated by `/usr/sbin/asterisk -f -g -C /etc/asterisk/asterisk.conf'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x00005571c1e9faec in ast_stream_topology_get_count (topology=0x0) at stream.c:769
> 769		return AST_VECTOR_SIZE(&topology->streams);
> [Current thread is 1 (Thread 0x7fabe5f88700 (LWP 13628))]
> (gdb) where
> #0  0x00005571c1e9faec in ast_stream_topology_get_count (topology=0x0) at stream.c:769
> #1  0x00005571c1e9f72a in ast_stream_topology_equal (left=0x0, right=0x7fabe80175e8) at stream.c:704
> #2  0x00007fabe65a05a4 in sip_session_refresh (session=0x7fabe0066150, on_request_creation=0x0, on_sdp_creation=0x0, on_response=0x7fabe64ffbfc <on_topology_change_response>, 
>     method=AST_SIP_SESSION_REFRESH_METHOD_INVITE, generate_new_sdp=1, pending_media_state=0x7fabe8017fb0, active_media_state=0x7fabe0064c70, queued=1) at res_pjsip_session.c:2291
> #3  0x00007fabe659a78a in send_delayed_request (session=0x7fabe0066150, delay=0x7fabe00260e0) at res_pjsip_session.c:1400
> #4  0x00007fabe659b08b in invite_terminated (vsession=0x7fabe0066150) at res_pjsip_session.c:1512
> #5  0x00005571c1ea8254 in ast_taskprocessor_execute (tps=0x7fabe0066920) at taskprocessor.c:1237
> #6  0x00005571c1eb1e8f in execute_tasks (data=0x7fabe0066920) at threadpool.c:1354
> #7  0x00005571c1ea8254 in ast_taskprocessor_execute (tps=0x5571c300df30) at taskprocessor.c:1237
> #8  0x00005571c1eafa93 in threadpool_execute (pool=0x5571c300c950) at threadpool.c:367
> #9  0x00005571c1eb16d0 in worker_active (worker=0x7fabf4001340) at threadpool.c:1137
> #10 0x00005571c1eb1442 in worker_start (arg=0x7fabf4001340) at threadpool.c:1056
> #11 0x00005571c1ebb170 in dummy_start (data=0x5571c2f666e0) at utils.c:1299
> #12 0x00007fac07537fa3 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
> #13 0x00007fac06fcb4cf in clone () from /lib/x86_64-linux-gnu/libc.so.6
> (gdb) frame 0
> l#0  0x00005571c1e9faec in ast_stream_topology_get_count (topology=0x0) at stream.c:769
> i769		return AST_VECTOR_SIZE(&topology->streams);
> (gdb) list
> 764	
> 765	int ast_stream_topology_get_count(const struct ast_stream_topology *topology)
> 766	{
> 767		ast_assert(topology != NULL);
> 768	
> 769		return AST_VECTOR_SIZE(&topology->streams);
> 770	}
> 771	
> 772	int ast_stream_topology_get_active_count(const struct ast_stream_topology *topology)
> 773	{
> (gdb) p topology
> $1 = (const struct ast_stream_topology *) 0x0
> (gdb) f 2
> #2  0x00007fabe65a05a4 in sip_session_refresh (session=0x7fabe0066150, on_request_creation=0x0, on_sdp_creation=0x0, on_response=0x7fabe64ffbfc <on_topology_change_response>, 
>     method=AST_SIP_SESSION_REFRESH_METHOD_INVITE, generate_new_sdp=1, pending_media_state=0x7fabe8017fb0, active_media_state=0x7fabe0064c70, queued=1) at res_pjsip_session.c:2291
> 2291					topology_change_request = !ast_stream_topology_equal(active_media_state->topology, pending_media_state->topology);
> (gdb) p
> $2 = (const struct ast_stream_topology *) 0x0
> (gdb) list
> 2286					 * We need to check if the passed in active and pending states are equal
> 2287					 * before we run the media states resolver.  We'll use the flag later
> 2288					 * to signal whether this was topology change or some other change such
> 2289					 * as a connected line change.
> 2290					 */
> 2291					topology_change_request = !ast_stream_topology_equal(active_media_state->topology, pending_media_state->topology);
> 2292	
> 2293					ast_trace(-1, "%s: Active media state exists and is%s equal to pending\n", ast_sip_session_get_name(session),
> 2294						topology_change_request ? " not" : "");
> 2295					ast_trace(-1, "%s: DP: %s\n", ast_sip_session_get_name(session), ast_str_tmp(256, ast_stream_topology_to_str(pending_media_state->topology, &STR_TMP)));
> (gdb) p active_media_state->topology
> $3 = (struct ast_stream_topology *) 0x0
> (gdb) 
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list