[asterisk-bugs] [JIRA] (ASTERISK-29411) Crash in pjsip_msg_find_hdr_by_name

Kevin Harwell (JIRA) noreply at issues.asterisk.org
Fri Mar 25 11:37:06 CDT 2022 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-29411?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=258485#comment-258485 ] 

Kevin Harwell edited comment on ASTERISK-29411 at 3/25/22 11:36 AM:
--------------------------------------------------------------------

What do you think?
{noformat}
!@!@!@! thread1.txt !@!@!@!

$1 = {si_signo = 11, si_errno = 0, si_code = 1, _sifields = {_pad = {1, 0 <repeats 27 times>}, _kill = {si_pid = 1, si_uid = 0}, _timer = {si_tid = 1, si_overrun = 0, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _rt = {si_pid = 1, si_uid = 0, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _sigchld = {si_pid = 1, si_uid = 0, si_status = 0, si_utime = 0, si_stime = 0}, _sigfault = {si_addr = 0x1}, _sigpoll = {si_band = 1, si_fd = 0}}}
Signal        Stop      Print   Pass to program Description
SIGSEGV       Yes       Yes     Yes             Segmentation fault

Thread 1 (Thread 0x7fb5a98ef700 (LWP 5307)):
#0  0x000000000045ec1c in __ao2_ref (user_data=0x5, delta=1, tag=tag at entry=0x0, file=file at entry=0x7fb682484452 "res_pjsip_session.c", line=3639, func=0x7fb682487f40 <__PRETTY_FUNCTION__.35305> "ast_sip_dialog_get_session") at astobj2.c:501
        obj = 0xffffffffffffffed
        current_value = -2109178048
        weakproxy = 0x7fb6e4245798
        __PRETTY_FUNCTION__ = "__ao2_ref"
#1  0x00007fb682483272 in ast_sip_dialog_get_session (dlg=<optimized out>) at res_pjsip_session.c:3639
        inv_session = <optimized out>
        session = 0x5
        __PRETTY_FUNCTION__ = "ast_sip_dialog_get_session"
#2  0x00007fb6824839a2 in session_outgoing_nat_hook (tdata=0x7fb4993af628, transport=0x7fb6e4245798) at res_pjsip_session.c:5486
        transport_state = 0x7fb6e4245c30
        hook = 0x0
        sdp_info = 0x7fb550843de8
        dlg = 0x7fb550843de8
        session = 0x0
        __FUNCTION__ = "session_outgoing_nat_hook"
        __PRETTY_FUNCTION__ = "session_outgoing_nat_hook"
#3  0x00007fb6822635d9 in nat_invoke_hook (obj=<optimized out>, arg=<optimized out>, flags=<optimized out>) at res_pjsip_nat.c:300
        hook = <optimized out>
        details = <optimized out>
#4  0x00000000004614dd in internal_ao2_traverse (self=self at entry=0x7fb5b13dc348, flags=flags at entry=OBJ_SEARCH_NONE, cb_fn=cb_fn at entry=0x7fb6822635c0 <nat_invoke_hook>, arg=arg at entry=0x7fb5a98eeb00, tag=tag at entry=0x0, file=file at entry=0x7fb6822649b9 "res_pjsip_nat.c", line=471, func=0x7fb682264e5e <__PRETTY_FUNCTION__.26624> "process_nat", type=AO2_CALLBACK_DEFAULT, data=0x0) at astobj2_container.c:328
        match = 3
        ret = 0x0
        cb_default = 0x7fb6822635c0 <nat_invoke_hook>
        node = 0x7fb5b02d45d8
        traversal_state = 0x7fb5a98ee9a0
        orig_lock = AO2_LOCK_REQ_MUTEX
        multi_container = 0x0
        multi_iterator = 0x0
#5  0x0000000000461965 in __ao2_callback (c=c at entry=0x7fb5b13dc348, flags=flags at entry=OBJ_SEARCH_NONE, cb_fn=cb_fn at entry=0x7fb6822635c0 <nat_invoke_hook>, arg=arg at entry=0x7fb5a98eeb00, tag=tag at entry=0x0, file=file at entry=0x7fb6822649b9 "res_pjsip_nat.c", line=471, func=0x7fb682264e5e <__PRETTY_FUNCTION__.26624> "process_nat") at astobj2_container.c:414
No locals.
{noformat}



was (Author: learbia):
What do you think?

!@!@!@! thread1.txt !@!@!@!

$1 = {si_signo = 11, si_errno = 0, si_code = 1, _sifields = {_pad = {1, 0 <repeats 27 times>}, _kill = {si_pid = 1, si_uid = 0}, _timer = {si_tid = 1, si_overrun = 0, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _rt = {si_pid = 1, si_uid = 0, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _sigchld = {si_pid = 1, si_uid = 0, si_status = 0, si_utime = 0, si_stime = 0}, _sigfault = {si_addr = 0x1}, _sigpoll = {si_band = 1, si_fd = 0}}}
Signal        Stop      Print   Pass to program Description
SIGSEGV       Yes       Yes     Yes             Segmentation fault

Thread 1 (Thread 0x7fb5a98ef700 (LWP 5307)):
#0  0x000000000045ec1c in __ao2_ref (user_data=0x5, delta=1, tag=tag at entry=0x0, file=file at entry=0x7fb682484452 "res_pjsip_session.c", line=3639, func=0x7fb682487f40 <__PRETTY_FUNCTION__.35305> "ast_sip_dialog_get_session") at astobj2.c:501
        obj = 0xffffffffffffffed
        current_value = -2109178048
        weakproxy = 0x7fb6e4245798
        __PRETTY_FUNCTION__ = "__ao2_ref"
#1  0x00007fb682483272 in ast_sip_dialog_get_session (dlg=<optimized out>) at res_pjsip_session.c:3639
        inv_session = <optimized out>
        session = 0x5
        __PRETTY_FUNCTION__ = "ast_sip_dialog_get_session"
#2  0x00007fb6824839a2 in session_outgoing_nat_hook (tdata=0x7fb4993af628, transport=0x7fb6e4245798) at res_pjsip_session.c:5486
        transport_state = 0x7fb6e4245c30
        hook = 0x0
        sdp_info = 0x7fb550843de8
        dlg = 0x7fb550843de8
        session = 0x0
        __FUNCTION__ = "session_outgoing_nat_hook"
        __PRETTY_FUNCTION__ = "session_outgoing_nat_hook"
#3  0x00007fb6822635d9 in nat_invoke_hook (obj=<optimized out>, arg=<optimized out>, flags=<optimized out>) at res_pjsip_nat.c:300
        hook = <optimized out>
        details = <optimized out>
#4  0x00000000004614dd in internal_ao2_traverse (self=self at entry=0x7fb5b13dc348, flags=flags at entry=OBJ_SEARCH_NONE, cb_fn=cb_fn at entry=0x7fb6822635c0 <nat_invoke_hook>, arg=arg at entry=0x7fb5a98eeb00, tag=tag at entry=0x0, file=file at entry=0x7fb6822649b9 "res_pjsip_nat.c", line=471, func=0x7fb682264e5e <__PRETTY_FUNCTION__.26624> "process_nat", type=AO2_CALLBACK_DEFAULT, data=0x0) at astobj2_container.c:328
        match = 3
        ret = 0x0
        cb_default = 0x7fb6822635c0 <nat_invoke_hook>
        node = 0x7fb5b02d45d8
        traversal_state = 0x7fb5a98ee9a0
        orig_lock = AO2_LOCK_REQ_MUTEX
        multi_container = 0x0
        multi_iterator = 0x0
#5  0x0000000000461965 in __ao2_callback (c=c at entry=0x7fb5b13dc348, flags=flags at entry=OBJ_SEARCH_NONE, cb_fn=cb_fn at entry=0x7fb6822635c0 <nat_invoke_hook>, arg=arg at entry=0x7fb5a98eeb00, tag=tag at entry=0x0, file=file at entry=0x7fb6822649b9 "res_pjsip_nat.c", line=471, func=0x7fb682264e5e <__PRETTY_FUNCTION__.26624> "process_nat") at astobj2_container.c:414
No locals.



> Crash in pjsip_msg_find_hdr_by_name
> -----------------------------------
>
>                 Key: ASTERISK-29411
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29411
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip_nat
>    Affects Versions: 18.9.0, 19.1.0
>            Reporter: LA
>            Assignee: Kevin Harwell
>            Severity: Critical
>              Labels: patch, pjsip
>         Attachments: core-brief.txt, core-info.txt, core-locks.txt, core-thread1.txt, Log_full_asterisk_complete.txt, use_tdata_pool.diff
>
>
> Link with original gdb https://drive.google.com/file/d/1TjoMHSIOnhJNg4Q8ytid5g0_SUzMKCrB/view?usp=sharing



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list