| Summary: | ASTERISK-24912: pjsip segmentation fault in pjmedia_sdp_attr_clone(../src/pjmedia/sdp.c:134) | ||||
| Reporter: | yaron nahum (yaronna) | Labels: | |||
| Date Opened: | 2015-03-26 04:44:32 | Date Closed: | 2015-03-30 05:55:24 | ||
| Priority: | Critical | Regression? | |||
| Status: | Closed/Complete | Components: | pjproject/pjsip | ||
| Versions: | 13.2.0 13.3.0 | Frequency of Occurrence | |||
| Related Issues: |
| ||||
| Environment: | Attachments: | ( 0) asteriks_crash_20150326.txt ( 1) back_trace_2015-03-26_10-22.txt ( 2) pjsip-sdp-initial.diff ( 3) sdp.c ( 4) uas_pjsip_reinvite_issue.xml | |||
| Description: | When dialing out from the asterisk to a BroadWorks user, the call is answered and transferred to another BroadWorks user with no consultation, asterisk gets the attached segmentation fault. I also attached debug during the crash.
The scenario on the asterisk is very simple - just receive the call, answer and then dial to the destination through the same peer. It is easily reproduced. I am trying to reproduce the issue with sipp, but haven't succeeded yet. If I will manage to do it I will attach the sipp script also. | ||||
| Comments: | By: yaron nahum (yaronna) 2015-03-26 04:46:57.692-0500 Attached backtrace and debug By: yaron nahum (yaronna) 2015-03-26 05:14:44.363-0500 Just remembered i made a tiny change in sdp.c - just suspected something was wrong in the attribute counter so I printed it. The crash occurred also before I made the change. The change is on line 701. I have attached my sdp.c file so that you would be able to track the correct lines from the backtrace. By: yaron nahum (yaronna) 2015-03-26 05:41:19.855-0500 I managed to reproduce the issue with sipp. I have attached the sipp scenaio. If you look at the sipp scenario you will see there are 3 re-invites - the first with sdp, the second without and the 3rd with sdp. On the ACK of the second re-invite there should be an SDP. I forgot to add on this ACK the Content-Type : application/sdp header. Once I added this header the crash occured, Seems to me that there is something wrong when receiving an SDP on an ACK message and then immidiately receiving another SDP on the re-Invite. By: Joshua C. Colp (jcolp) 2015-03-26 08:36:46.829-0500 This is a patch (for pjproject) which should resolve the issue. Please apply it, build, install, and retest. I've tested here and it seems to work. If all is well I'll push it upstream. By: yaron nahum (yaronna) 2015-03-29 00:05:23.891-0500 Thank you Joshua !!!! You are amazing !!!! It works. By: Joshua C. Colp (jcolp) 2015-03-29 11:21:30.476-0500 I've sent this off to Teluu for inclusion into pjproject. By: Joshua C. Colp (jcolp) 2015-03-30 05:55:25.071-0500 This has been logged at https://trac.pjsip.org/repos/ticket/1834 and fixed in upstream as of revision 5040. It has also been pulled into github as revision 9c15d6d3ed748a9915701b238895f43e26cb652b. | ||||