Summary: | ASTERISK-22897: WebSocket connection from JsSIP or SIPML5 generate a segmentation fault(core dumped) | ||
Reporter: | Max E. Reyes Vera J. (navaismo) | Labels: | |
Date Opened: | 2013-11-22 13:02:22.000-0600 | Date Closed: | 2013-12-01 13:58:27.000-0600 |
Priority: | Minor | Regression? | |
Status: | Closed/Complete | Components: | Resources/res_pjsip |
Versions: | 12.0.0-beta1 | Frequency of Occurrence | Constant |
Related Issues: | |||
Environment: | Fedora 17, Linux version 3.8.11-100.fc17.x86_64 | Attachments: | ( 0) backtrace.txt ( 1) backtrace.txt |
Description: | Every time a websocket connection came from jssip or sipml5 asterisk crashes with the core dumped
Here is the output of the backtrace--->http://pastebin.com/48gRGM4f Note: Asterisk was compiled with debugh_threads,better_backtraces and dont_optimize however there is the value <optimized out> in the backtrace. | ||
Comments: | By: Max E. Reyes Vera J. (navaismo) 2013-11-22 13:03:38.799-0600 Attaching backtrace. By: Matt Jordan (mjordan) 2013-11-22 13:25:09.539-0600 I'm fairly sure that the code used by {{security_events}} is not going to work finding out whether or not a WS/WSS transport is in use: {noformat} static int find_transport_in_use(void *obj, void *arg, int flags) { struct ast_sip_transport *transport = obj; pjsip_rx_data *rdata = arg; if ((transport->state->transport == rdata->tp_info.transport) || (transport->state->factory && !pj_strcmp(&transport->state->factory->addr_name.host, &rdata->tp_info.transport->local_name.host) && transport->state->factory->addr_name.port == rdata->tp_info.transport->local_name.port)) { return CMP_MATCH | CMP_STOP; } return 0; } {noformat} Regardless, we shouldn't just dereference a NULL pointer. If the transport is unknown, it should just return "unknown". By: Joshua C. Colp (jcolp) 2013-11-28 13:20:59.508-0600 A fix for this is now up for review at https://reviewboard.asterisk.org/r/3036/ By: Max E. Reyes Vera J. (navaismo) 2013-11-28 14:28:52.427-0600 Hi thanks Joshua, already patched with the provided code and its working fine until I execute the pjsip qualify <endpoint> it provoque a core dumped again, but I'm not sure if that apply as the same issue. Here is the cli output(I'm not attaching the new backtrace since I don't know if this is a "new issue" or not). *CLI> pjsip qualify 5001 Sending qualify to endpoint 5001 contact sip:5001@10.0.1.102:36357;transport=ws;rtcweb-breaker=yes <--- Transmitting SIP request (487 bytes) to WS:10.0.1.102:36357 ---> OPTIONS sip:5001@10.0.1.102:36357;transport=ws;rtcweb-breaker=yes SIP/2.0 Via: SIP/2.0/WS 10.0.1.102:36357;rport;branch=z9hG4bKPjb53060a6-e271-4bfa-a8de-e62286cf125f From: <sip:4710dba4-729b-4d8a-b827-46719092cd99@Airo-Shaka>;tag=709ca5ad-c301-44f6-8575-34d6dc527ecf To: <sip:5001@10.0.1.102;rtcweb-breaker=yes> Contact: <sip:4710dba4-729b-4d8a-b827-46719092cd99@Airo-Shaka:5060;transport=WS> Call-ID: 6d636ef6-f1bf-464e-9111-a5a869763082 CSeq: 1432 OPTIONS Content-Length: 0 contact sip:vf9s9h5p@10.0.1.102:35493;transport=ws [Nov 28 14:22:14] WARNING[8485]: pjsip:0 <?>: tsx0x7f7cc804c .Failed to send Request msg OPTIONS/cseq=23037 (tdta0x7f7cc8039a50)! err=171060 (Unsupported transport (PJSIP_EUNSUPTRANSPORT)) [Nov 28 14:22:14] ERROR[8485]: res_pjsip/pjsip_options.c:267 qualify_contact: Unable to send request to qualify contact sip:vf9s9h5p@10.0.1.102:35493;transport=ws [Nov 28 14:22:14] ERROR[8485]: astobj2.c:166 INTERNAL_OBJ: bad magic number for object 0x7f7cc806ed70. Object is likely destroyed. *CLI> asterisk: ../src/pj/os_core_unix.c:1287: pj_mutex_unlock: Assertion `mutex->owner == pj_thread_this()' failed. Aborted (core dumped) By: Max E. Reyes Vera J. (navaismo) 2013-11-28 14:59:27.138-0600 Now asterisk can't start with the following(note that transport and endpoints still the same, I haven't made changes to those values): asterisk: ../src/pjsip/sip_transport.c:281: pjsip_transport_get_type_from_name: Assertion `!"Invalid transport name"' failed. [Nov 28 14:54:37] NOTICE[9368]: res_pjsip/pjsip_distributor.c:246 log_unidentified_request: Request from '"test" <sip:5000@10.0.1.102>' failed for '10.0.1.110:5063' (callid: 1443846940@10.0.1.110) - No matching endpoint found Aborted (core dumped) Attaching second backtrace. By: Joshua C. Colp (jcolp) 2013-11-28 15:10:51.154-0600 The qualify issues are a result of the OPTIONS code, unrelated to WebSocket. It just exposed it. I'll fix them. The second is also a result of the WebSocket code, so I'll fix that as well. By: Joshua C. Colp (jcolp) 2013-11-28 15:17:00.217-0600 Review updated. By: Max E. Reyes Vera J. (navaismo) 2013-12-02 18:26:28.426-0600 Thanks a lot. |