[Asterisk-Dev] Is this a BUG?? Please I need help in this

Jose R. Ortiz Ubarri cheo at hpcf.upr.edu
Fri Mar 18 12:09:58 MST 2005


Here is a backtrace of a Segmentation Fault I am getting when running 
Asterisk in FC 3 with the realtime module.

(gdb) backtrace
#0  0x007642b8 in strcasecmp () from /lib/tls/libc.so.6
#1  0xf6eb58c0 in build_peer (name=0x0, v=0x95fa370, realtime=0)
   at chan_sip.c:9255
#2  0xf6eb67b0 in find_peer (peer=0x0, sin=0x9642fd4, realtime=1)
   at chan_sip.c:1222
#3  0xf6ebea77 in check_user_full (p=0x9642e78, req=0xf6e9bb50,
   cmd=0xf6e9bd64 "SUBSCRIBE", uri=0xf6e9bd6e "sip:1002@XXX.XXX.XXX.XXX:5060",
   reliable=0, sin=0xf6e9bb40, ignore=0, mailbox=0xf6e920a0 "",
   mailboxlen=106) at chan_sip.c:5844
#4  0xf6ec3129 in handle_request (p=0x9642e78, req=0xf6e9bb50, sin=0xf6e9bb40,
   recount=0x6a, nounlock=0xf6e9b9c8) at chan_sip.c:8384
#5  0xf6ec5281 in sipsock_read (id=0x960dc50, fd=13, events=1, ignore=0x0)
   at chan_sip.c:8598
#6  0x0805378f in ast_io_wait (ioc=0x960dc10, howlong=106) at io.c:267
#7  0xf6ec89b2 in do_monitor (data=0x0) at chan_sip.c:8745
#8  0x008661d5 in start_thread () from /lib/tls/libpthread.so.0
#9  0x007c02da in clone () from /lib/tls/libc.so.6
(gdb)

I replaced my IP with XXX.XXX.XXX.XXX, but it is my server IP.

==============================================================================================================================

Here is what is happening in the calls:

We call find_peer with the first parameter NULL:
peer = find_peer(NULL, &p->recv, 1);


The find_peer function tries to assign p.  If p is NULL, we send the peer
variable to realtime, which in the previous call was a NULL variable.
/*--- find_peer: Locate peer by name or ip address */
static struct sip_peer *find_peer(const char *peer, struct sockaddr_in *sin, int realtime)
{
    struct sip_peer *p = NULL;

    if (peer)
        p = ASTOBJ_CONTAINER_FIND(&peerl,peer);
    else
        p = ASTOBJ_CONTAINER_FIND_FULL(&peerl,sin,name,sip_addr_hashfunc,1,sip_addrcmp);

    if (!p && realtime) {
        p = realtime_peer(peer, sin);
    }

    return(p);
}


In this code, without making any change to the peername variable, we call
build_peer with peername = NULL:

static struct sip_peer *realtime_peer(const char *peername, struct sockaddr_in *sin)
{
    struct sip_peer *peer=NULL;
    struct ast_variable *var;
    struct ast_variable *tmp;

    /* First check on peer name */
    if (peername)
        var = ast_load_realtime("sippeers", "name", peername, NULL);
    else if (sin) {    /* Then check on IP address */
        char iabuf[80];

        ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr);
        var = ast_load_realtime("sippeers", "ipaddr", iabuf, NULL);
    } else
        return NULL;

    if (!var)
        return NULL;

    tmp = var;
    /* If this is type=user, then skip this object. */
    while(tmp) {
        if (!strcasecmp(tmp->name, "type") &&
            !strcasecmp(tmp->value, "user")) {
            ast_variables_destroy(var);
            return NULL;
        }
        tmp = tmp->next;
    }

    peer = build_peer(peername, var,
        ast_test_flag((&global_flags_page2), SIP_PAGE2_RTCACHEFRIENDS) ? 0 : 1);

Then here we call ASTOBJ_CONTAINER_FIND_UNLINK(&peerl, name) with name =
NULL, because name was previously peername = NULL:

static struct sip_peer *build_peer(const char *name, struct ast_variable *v, int realtime)
{
    struct sip_peer *peer = NULL;
    struct ast_ha *oldha = NULL;
    int maskfound=0;
    int obproxyfound=0;
    int found=0;
    int format=0;        /* Ama flags */
    time_t regseconds;
    char *varname = NULL, *varval = NULL;
    struct ast_variable *tmpvar = NULL;

    if (!realtime)
        /* Note we do NOT use find_peer here, to avoid realtime recursion */
        peer = ASTOBJ_CONTAINER_FIND_UNLINK(&peerl, name);


This macro makes a comparison with a NULL variable, which leads to the
segmentation fault.
#define ASTOBJ_CONTAINER_FIND_UNLINK(container,namestr) \
    ({ \
        typeof((container)->head) found = NULL; \
        typeof((container)->head) prev = NULL; \
        ASTOBJ_CONTAINER_TRAVERSE(container, !found, do { \
            if (!(strcasecmp(iterator->name, (namestr)))) { \
                found = iterator; \
                found->next[0] = NULL; \
                ASTOBJ_CONTAINER_WRLOCK(container); \
                if (prev) \
                    prev->next[0] = next; \
                else \
                    (container)->head = next; \
                ASTOBJ_CONTAINER_UNLOCK(container); \
            } \
            prev = iterator; \
        } while (0)); \
        found; \
    })

=======================================================================================================================================

I also noticed that in find_peer realtime=1, because we called
find_peer with 1 in the parameter.  But then in build_peer,
ASTOBJ_CONTAINER_FIND_UNLINK is called because realtime = 0. It is 0
because of ast_test_flag((&global_flags_page2),
SIP_PAGE2_RTCACHEFRIENDS) ? 0 : 1);

Please, any help: a misconfiguration on my part, whatever.... Let me
know...

--
JO



-- 
Jose R. Ortiz Ubarri (CHEO), CS
System Administrator / Programmer
High Performance Computing facility - UPR
Email: Jose.Ortiz at hpcf.upr.edu|cheo at hpcf.upr.edu
Phone: 787-758-3054
Fax: 787-758-3058
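
The call chain traced in the message above, reduced to a self-contained C model with a NULL check on the name placed before strcasecmp() is reached. This is an added example, not code from the original post or from Asterisk: struct peer, find_unlink, cached_peer and demo are hypothetical stand-ins for struct sip_peer, ASTOBJ_CONTAINER_FIND_UNLINK and the opening of build_peer, and the peer names are constructed sample data.

```c
#include <stddef.h>
#include <strings.h>

/* Simplified stand-in for struct sip_peer in the peerl list (hypothetical). */
struct peer {
    const char *name;
    struct peer *next;
};

/* Model of ASTOBJ_CONTAINER_FIND_UNLINK with the missing check added:
 * a NULL namestr can never match, so return before strcasecmp() sees it. */
static struct peer *find_unlink(struct peer **head, const char *namestr)
{
    struct peer *prev = NULL, *it;
    if (!head || !namestr)
        return NULL;    /* without this, strcasecmp() below dereferences NULL */
    for (it = *head; it; prev = it, it = it->next) {
        if (it->name && !strcasecmp(it->name, namestr)) {
            if (prev)
                prev->next = it->next;
            else
                *head = it->next;
            it->next = NULL;
            return it;
        }
    }
    return NULL;
}

/* Model of the start of build_peer(): look up by name only when realtime == 0
 * and a name was supplied (the IP-only path passes name == NULL). */
static struct peer *cached_peer(struct peer **head, const char *name, int realtime)
{
    if (realtime || !name)
        return NULL;
    return find_unlink(head, name);
}

/* Constructed sample list "1001" -> "1002". Returns 1 if every case behaves. */
static int demo(void)
{
    struct peer b = { "1002", NULL }, a = { "1001", &b };
    struct peer *head = &a;
    if (cached_peer(&head, NULL, 0) != NULL) return 0;   /* path from the backtrace */
    if (cached_peer(&head, "1002", 1) != NULL) return 0; /* realtime=1 skips lookup */
    if (cached_peer(&head, "1002", 0) != &b) return 0;   /* normal find and unlink */
    return head == &a && a.next == NULL;
}

int main(void) { return demo() ? 0 : 1; }
```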



