[asterisk-users] Asterisk 12 crashes on CANCEL received during ANSWER handlingl

[Yaron Nachum]

Hello Asterisk users and developers,
The last few weeks we had several crashes on live asterisks running
versions  12.2.0rc1 / 12.6.1 with PJPROJECT versions 2.1.0 / 2.2.1. We
opened a ticket - ASTERISK-24471.

After investigating the issue I can say that the scenario is a CANCEL being
received while handling ANSWER and before generating the 200OK response.

Looking at the core file we see that the problem is in
- pjsip/src/pjsip/sip_transaction.c line 3158 :
        PJ_ASSERT_RETURN(event->type == PJSIP_EVENT_TX_MSG &&
                         event->body.tx_msg.tdata == tsx->last_tx,
                         PJ_EINVALIDOP);

After investigating further I came to a conclusion that the second
expression fails (marked with yellow), and that causes the Asterisk to
crash.

I have already removed the expression and logged whenever this expression
fails. It seems to work fine. Since the change it the happened several
times, the application didn't crash and going over the debug it seems that
the call was handled fine.

Can anyone tell what is the purpose of this expression? Any explanation why
this expression fails in the above scenario?

Thanks,
Yaron.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20141112/0e6d5b52/attachment.html>