[Asterisk-code-review] res_pjsip_rfc3326.c: Fix crash when channel goes away. (asterisk[master])

Richard Mudgett asteriskteam at digium.com
Mon Nov 16 14:08:35 CST 2015


Richard Mudgett has posted comments on this change.

Change subject: res_pjsip_rfc3326.c: Fix crash when channel goes away.
......................................................................


Patch Set 1:

Unfortunately PJPROJECT is generating the BYE message as a result of a transaction state transition within PJPROJECT.  Below is the backtrace:

{quote}
Thread 1 (Thread 12884):
#0  0x0811ee37 in ast_channel_hangupcause (chan=0x0) at channel_internal_api.c:619
#1  0x0335bdad in rfc3326_add_reason_header (session=0xa7d2efd0, tdata=0x85688b04) at res_pjsip_rfc3326.c:97
#2  0x0335be5b in rfc3326_outgoing_request (session=0xa7d2efd0, tdata=0x85688b04) at res_pjsip_rfc3326.c:110
#3  0x0091f4d0 in handle_outgoing_request (session=0xa7d2efd0, tdata=0x85688b04) at res_pjsip_session.c:2251
#4  0x0091f73c in handle_outgoing (session=0xa7d2efd0, tdata=0x85688b04) at res_pjsip_session.c:2277
#5  0x0091fb6b in session_inv_on_tsx_state_changed (inv=0xa7d2e704, tsx=0x85689b0c, e=0xb745ae6c) at res_pjsip_session.c:2427
#6  0x00456f67 in mod_inv_on_tsx_state (tsx=0x85689b0c, e=0xb745ae6c) at ../src/pjsip-ua/sip_inv.c:699
#7  0x00638837 in pjsip_dlg_on_tsx_state (dlg=0xa7d2d53c, tsx=0x85689b0c, e=0xb745ae6c) at ../src/pjsip/sip_dialog.c:2013
#8  0x006391d1 in mod_ua_on_tsx_state (tsx=0x85689b0c, e=0xb745ae6c) at ../src/pjsip/sip_ua_layer.c:178
#9  0x0063031d in tsx_set_state (tsx=0x85689b0c, state=PJSIP_TSX_STATE_CALLING, event_src_type=PJSIP_EVENT_TX_MSG, event_src=0x85688b04) at ../src/pjsip/sip_transaction.c:1213
#10 0x00632821 in tsx_on_state_null (tsx=0x85689b0c, event=0xb745aee0) at ../src/pjsip/sip_transaction.c:2388
#11 0x0063132a in pjsip_tsx_send_msg (tsx=0x85689b0c, tdata=0x85688b04) at ../src/pjsip/sip_transaction.c:1737
#12 0x00636ef3 in pjsip_dlg_send_request (dlg=0xa7d2d53c, tdata=0x85688b04, mod_data_id=12, mod_data=0xa7d3a3c8) at ../src/pjsip/sip_dialog.c:1235
#13 0x0045bb76 in pjsip_inv_send_msg (inv=0xa7d2e704, tdata=0x85688b04) at ../src/pjsip-ua/sip_inv.c:3110
#14 0x0045d00d in handle_uac_tsx_response (inv=0xa7d2e704, e=0xb745b11c) at ../src/pjsip-ua/sip_inv.c:3848
#15 0x0045ef1e in inv_on_state_confirmed (inv=0xa7d2e704, e=0xb745b11c) at ../src/pjsip-ua/sip_inv.c:5009
#16 0x00456edf in mod_inv_on_tsx_state (tsx=0xa6aca3fc, e=0xb745b11c) at ../src/pjsip-ua/sip_inv.c:677
#17 0x00638837 in pjsip_dlg_on_tsx_state (dlg=0xa7d2d53c, tsx=0xa6aca3fc, e=0xb745b11c) at ../src/pjsip/sip_dialog.c:2013
#18 0x006391d1 in mod_ua_on_tsx_state (tsx=0xa6aca3fc, e=0xb745b11c) at ../src/pjsip/sip_ua_layer.c:178
#19 0x0063031d in tsx_set_state (tsx=0xa6aca3fc, state=PJSIP_TSX_STATE_TERMINATED, event_src_type=PJSIP_EVENT_TIMER, event_src=0xa6aca514) at ../src/pjsip/sip_transaction.c:1213
#20 0x0063297f in tsx_on_state_calling (tsx=0xa6aca3fc, event=0xb745b1a4) at ../src/pjsip/sip_transaction.c:2429
#21 0x0063014e in tsx_timer_callback (theap=0xb66b842c, entry=0xa6aca514) at ../src/pjsip/sip_transaction.c:1156
#22 0x0087b865 in pj_timer_heap_poll (ht=0xb66b842c, next_delay=0xb745b2a8) at ../src/pj/timer.c:643
#23 0x006158b1 in pjsip_endpt_handle_events2 (endpt=0xb66b8274, max_timeout=0xb745b308, p_count=0x0) at ../src/pjsip/sip_endpoint.c:712
#24 0x00615a05 in pjsip_endpt_handle_events (endpt=0xb66b8274, max_timeout=0xb745b308) at ../src/pjsip/sip_endpoint.c:769
#25 0x00892e13 in monitor_thread_exec (endpt=0x0) at res_pjsip.c:3607
#26 0x00864f03 in thread_main (param=0xb66c3e84) at ../src/pj/os_core_unix.c:541
#27 0x0070e96e in start_thread (arg=0xb745bb70) at pthread_create.c:300
#28 0x0036051e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
{quote}

The BYE message is created by handle_uac_tsx_response() in the middle of the thread's backtrace.  At that point it has not even passed into code we control.  It only passes into code we control when we are adding additional headers to BYE like "Reason".

-- 
To view, visit https://gerrit.asterisk.org/1626

Gerrit-MessageType: comment
Gerrit-Change-Id: I866388d2b97ea2032eaae3f3ab3f1ca6cbd2df89
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: Richard Mudgett <rmudgett at digium.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Mark Michelson <mmichelson at digium.com>
Gerrit-Reviewer: Matt Jordan <mjordan at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-HasComments: No


