[asterisk-dev] Segfault because RTP frame datalen negative

Joshua C. Colp jcolp at sangoma.com
Fri Jan 31 05:21:21 CST 2020

On Fri, Jan 31, 2020 at 3:06 AM Mohit Dhiman <mohitdhiman736 at gmail.com>

> Hi,
> I'm trying to debug a segfault in ast_frdup which happened because of the
> negative datalen of the ast_frame for frame type AST_FRAME_TEXT.
> My question is that how an RTP frame in categorized as of type TEXT
> because I can only see two types of RTP payload in network capture (not of
> the time of segfault)
> one is G-711 ulaw and the other is Payload Type 106 (not defined in SDP).
> This Payload 106 is received at the start of the RTP stream and is
> received only once in an RTP stream.
> My other question is how the datalen gets calculated for an RTP frame and
> what could be the possible reason for this to come out negative for it
> should never be negative as confirmed by Joshua on Asterisk Community Forum.
> It would be a great help if anybody could help me figure this out.

What version of Asterisk is in use?

Otherwise the code itself that interprets RTP packets is
ast_rtp_interpret[1] in res_rtp_asterisk.c. Adding log messages or reading
that would probably yield information.


Joshua C. Colp
Asterisk Technical Lead
Sangoma Technologies
Check us out at www.sangoma.com and www.asterisk.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20200131/28d66b71/attachment.html>

More information about the asterisk-dev mailing list