[asterisk-bugs] [JIRA] (ASTERISK-29411) Crash in pjsip_msg_find_hdr_by_name

Kevin Harwell (JIRA) noreply at issues.asterisk.org
Wed Feb 2 16:05:06 CST 2022


    [ https://issues.asterisk.org/jira/browse/ASTERISK-29411?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=257951#comment-257951 ] 

Kevin Harwell edited comment on ASTERISK-29411 at 2/2/22 4:04 PM:
------------------------------------------------------------------

Tests with last version, we have the same problems:
{noformat}
!@!@!@! thread1.txt !@!@!@!

$1 = {si_signo = 11, si_errno = 0, si_code = 1, _sifields = {_pad = {33, 0 <repeats 27 times>}, _kill = {si_pid = 33, si_uid = 0}, _timer = {si_tid = 33, si_overrun = 0, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _rt = {si_pid = 33, si_uid = 0, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _sigchld = {si_pid = 33, si_uid = 0, si_status = 0, si_utime = 0, si_stime = 0}, _sigfault = {si_addr = 0x21}, _sigpoll = {si_band = 33, si_fd = 0}}}
Signal        Stop      Print   Pass to program Description
SIGSEGV       Yes       Yes     Yes             Segmentation fault

Thread 1 (Thread 0x7fd4f48d2700 (LWP 2756)):
#0  pj_stricmp (str1=str1@entry=0x19, str2=str2@entry=0x7fd4f48d1bc0) at ../include/pj/string_i.h:216
No locals.
#1  0x00007fdabbe25164 in pjsip_msg_find_hdr_by_name (msg=0x7fd88403ea80, name=name@entry=0x7fd4f48d1bc0, start=start@entry=0x0) at ../src/pjsip/sip_msg.c:362
        hdr = 0x1
        end = 0x7fd88403eaa8
#2  0x00007fda21e9778b in add_headers_to_message (headers=headers@entry=0x7fda220b9bc0 <request_headers>, tdata=0x7fd8843e9598) at res_pjsip/pjsip_global_headers.c:93
        name = {ptr = 0x7fd9b026f1aa "Max-Forwards", slen = 12}
        hdr = <optimized out>
        iter = 0x7fd9b026f140
        lock = 0x7fda220b9bc0 <request_headers>
        __PRETTY_FUNCTION__ = "add_headers_to_message"
#3  0x00007fda21e97843 in add_request_headers (tdata=<optimized out>) at res_pjsip/pjsip_global_headers.c:105
No locals.
#4  0x00007fdabbe2df76 in endpt_on_tx_msg (endpt=<optimized out>, tdata=0x7fd8843e9598) at ../src/pjsip/sip_endpoint.c:1116
        status = 0
        mod = 0x7fda220b8e40 <global_header_mod>
#5  0x00007fdabbe35120 in pjsip_transport_send (tr=0x7058c48, tdata=0x7fd8843e9598, addr=0x7fd8843e9788, addr_len=16, token=0x7fd88403f480, cb=0x7fdabbe2f730 <stateless_send_transport_cb>) at ../src/pjsip/sip_transport.c:931
        status = <optimized out>
#6  0x00007fdabbe2f8d0 in stateless_send_transport_cb (token=0x7fd88403f480, tdata=0x7fd8843e9598, sent=16) at ../src/pjsip/sip_util.c:1277
        cont = 1
        cur_addr = 0x7fd8843e9788
        cur_addr_len = 16
        via = 0x7fd88403eb90
        need_update_via = 1
#7  0x00007fdabbe2fc92 in stateless_send_resolver_callback (status=<optimized out>, token=0x7fd88403f480, addr=<optimized out>) at ../src/pjsip/sip_util.c:1378
        stateless_data = 0x7fd88403f480
        tdata = 0x7fd8843e9598
#8  0x00007fda21e7f374 in sip_resolve_invoke_user_callback (data=0x7fd884100eb8) at res_pjsip/pjsip_resolver.c:208
        __FUNCTION__ = "sip_resolve_invoke_user_callback"
        __PRETTY_FUNCTION__ = "sip_resolve_invoke_user_callback"
#9  0x000000000059e11e in ast_taskprocessor_execute (tps=tps@entry=0x7fda6c5ee4f0) at taskprocessor.c:1237
        local = {local_data = 0x7fd9ac2b6420, data = 0x7fda6c5ee4f0}
        t = 0x7fda4c01a4a0
        __PRETTY_FUNCTION__ = "ast_taskprocessor_execute"
{noformat}


was (Author: learbia):
Tests with last version, we have the same problems:



> Crash in pjsip_msg_find_hdr_by_name
> -----------------------------------
>
>                 Key: ASTERISK-29411
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29411
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip_nat
>    Affects Versions: 18.3.0
>            Reporter: LA
>            Assignee: Unassigned
>              Labels: pjsip
>         Attachments: core-brief.txt, core-info.txt, core-locks.txt, core-thread1.txt, Log_full_asterisk_complete.txt
>
>
> Link with original gdb https://drive.google.com/file/d/1TjoMHSIOnhJNg4Q8ytid5g0_SUzMKCrB/view?usp=sharing


