| Summary: | ASTERISK-24963: ASAN: heap-use-after-free with PJSIP and WSS | ||
| Reporter: | Badalian Vyacheslav (slavon) | Labels: | |
| Date Opened: | 2015-04-14 09:39:55 | Date Closed: | 2015-06-10 12:23:37 |
| Priority: | Critical | Regression? | |
| Status: | Closed/Complete | Components: | pjproject/pjsip Resources/res_http_websocket |
| Versions: | 13.3.2 | Frequency of Occurrence | |
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | {code}
[2015-04-14 18:04:38] DEBUG[12682]: netsock2.c:172 ast_sockaddr_split_hostport: Splitting '172.30.0.154' into... [2015-04-14 18:04:38] DEBUG[12682]: netsock2.c:226 ast_sockaddr_split_hostport: ...host '172.30.0.154' and port ''. [2015-04-14 18:04:38] DEBUG[12724]: taskprocessor.c:484 tps_taskprocessor_destroy: destroying taskprocessor 'd16a4163-0dfb-43ab-a3ca-c8753979582f' [2015-04-14 18:04:38] DEBUG[12682]: netsock2.c:172 ast_sockaddr_split_hostport: Splitting '172.30.0.154' into... [2015-04-14 18:04:38] DEBUG[12682]: netsock2.c:226 ast_sockaddr_split_hostport: ...host '172.30.0.154' and port ''. == WebSocket connection from '172.30.0.154:49296' closed ================================================================= ==12652==ERROR: AddressSanitizer: heap-use-after-free on address 0x612000156f94 at pc 0x4956e0 bp 0x7f13ab4c86a0 sp 0x7f13ab4c8698 READ of size 4 at 0x612000156f94 thread T29 [2015-04-14 18:04:38] DEBUG[12682]: netsock2.c:172 ast_sockaddr_split_hostport: Splitting '172.30.0.154:49296' into... [2015-04-14 18:04:38] DEBUG[12682]: netsock2.c:226 ast_sockaddr_split_hostport: ...host '172.30.0.154' and port '49296'. [2015-04-14 18:04:38] DEBUG[12682]: netsock2.c:172 ast_sockaddr_split_hostport: Splitting '172.30.0.154:49296' into... [2015-04-14 18:04:38] DEBUG[12682]: netsock2.c:226 ast_sockaddr_split_hostport: ...host '172.30.0.154' and port '49296'. #0 0x4956df in INTERNAL_OBJ /home/obs/asterisk-13.3.2/main/astobj2.c:121 #1 0x4957b9 in __ao2_lock /home/obs/asterisk-13.3.2/main/astobj2.c:151 #2 0x7f13b5414a90 in __ast_websocket_write /home/obs/asterisk-13.3.2/res/res_http_websocket.c:303 #3 0x7f139d199352 in ws_send_msg /home/obs/asterisk-13.3.2/res/res_pjsip_transport_websocket.c:67 #4 0x7f13b973d473 in pjsip_transport_send (/usr/lib/libpjsip.so.2+0x1e473) #5 0x7f13b973b104 in pjsip_endpt_send_response (/usr/lib/libpjsip.so.2+0x1c104) #6 0x7f13b973b1eb in pjsip_endpt_send_response2 (/usr/lib/libpjsip.so.2+0x1c1eb) #7 0x7f13b589f424 in authenticate res_pjsip/pjsip_distributor.c:317 #8 0x7f13b973833a in pjsip_endpt_process_rx_data (/usr/lib/libpjsip.so.2+0x1933a) #9 0x7f13b589e0dc in distribute res_pjsip/pjsip_distributor.c:348 #10 0x7c9a37 in ast_taskprocessor_execute /home/obs/asterisk-13.3.2/main/taskprocessor.c:769 #11 0x7d9a50 in threadpool_execute /home/obs/asterisk-13.3.2/main/threadpool.c:351 #12 0x7dce68 in worker_active /home/obs/asterisk-13.3.2/main/threadpool.c:1075 #13 0x7dca5c in worker_start /home/obs/asterisk-13.3.2/main/threadpool.c:995 #14 0x7f9646 in dummy_start /home/obs/asterisk-13.3.2/main/utils.c:1232 #15 0x31a3e079d0 in start_thread (/lib64/libpthread.so.0+0x31a3e079d0) #16 0x31a36e88fc in clone (/lib64/libc.so.6+0x31a36e88fc) 0x612000156f94 is located 106790068246580 bytes inside {code} | ||
| Comments: | By: Badalian Vyacheslav (slavon) 2015-04-14 09:46:25.518-0500 Another one place in simple call to WSS {code}[2015-04-14 17:56:43] DEBUG[12119]: threadpool.c:968 worker_thread_destroy: Destroying worker thread 1 [2015-04-14 17:56:43] DEBUG[12123]: threadpool.c:1107 worker_idle: Worker thread idle timeout reached. Dying. [2015-04-14 17:56:43] DEBUG[12119]: threadpool.c:968 worker_thread_destroy: Destroying worker thread 2 [2015-04-14 17:56:46] DEBUG[12147]: pjsip:0 <?>: sip_endpoint.c Processing incoming message: Request msg REGISTER/cseq=83 (rdata0x62200000da80) [2015-04-14 17:56:46] DEBUG[12147]: netsock2.c:172 ast_sockaddr_split_hostport: Splitting '172.30.0.154:65511' into... [2015-04-14 17:56:46] DEBUG[12147]: netsock2.c:226 ast_sockaddr_split_hostport: ...host '172.30.0.154' and port '65511'. [2015-04-14 17:56:46] DEBUG[12147]: netsock2.c:172 ast_sockaddr_split_hostport: Splitting '172.30.0.154:65511' into... [2015-04-14 17:56:46] DEBUG[12147]: netsock2.c:226 ast_sockaddr_split_hostport: ...host '172.30.0.154' and port '65511'. [2015-04-14 17:56:46] DEBUG[12147]: res_pjsip_transport_websocket.c:333 websocket_on_rx_msg: Re-wrote Contact URI host/port to 172.30.0.154:65511 [2015-04-14 17:56:46] DEBUG[12147]: pjsip:0 <?>: sip_endpoint.c Distributing rdata to modules: Request msg REGISTER/cseq=83 (rdata0x62500003c128) [2015-04-14 17:56:46] DEBUG[12147]: res_pjsip_endpoint_identifier_ip.c:128 ip_identify: No identify sections to match against [2015-04-14 17:56:46] DEBUG[12147]: res_pjsip_endpoint_identifier_user.c:104 username_identify: Retrieved endpoint user66_stub [2015-04-14 17:56:46] DEBUG[12147]: pjsip:0 <?>: endpoint .Response msg 401/REGISTER/cseq=83 (tdta0x621000074500) created [2015-04-14 17:56:46] DEBUG[12147]: netsock2.c:172 ast_sockaddr_split_hostport: Splitting '172.30.0.154' into... [2015-04-14 17:56:46] DEBUG[12147]: netsock2.c:226 ast_sockaddr_split_hostport: ...host '172.30.0.154' and port ''. [2015-04-14 17:56:46] DEBUG[12147]: netsock2.c:172 ast_sockaddr_split_hostport: Splitting '172.30.0.154' into... [2015-04-14 17:56:46] DEBUG[12147]: netsock2.c:226 ast_sockaddr_split_hostport: ...host '172.30.0.154' and port ''. [2015-04-14 17:56:46] DEBUG[12190]: taskprocessor.c:484 tps_taskprocessor_destroy: destroying taskprocessor '50868fb1-ad83-47be-bb17-f52d3655a755' [2015-04-14 17:56:46] DEBUG[12147]: netsock2.c:172 ast_sockaddr_split_hostport: Splitting '172.30.0.154:65511' into... [2015-04-14 17:56:46] DEBUG[12147]: netsock2.c:226 ast_sockaddr_split_hostport: ...host '172.30.0.154' and port '65511'. [2015-04-14 17:56:46] DEBUG[12147]: netsock2.c:172 ast_sockaddr_split_hostport: Splitting '172.30.0.154:65511' into... [2015-04-14 17:56:46] DEBUG[12147]: netsock2.c:226 ast_sockaddr_split_hostport: ...host '172.30.0.154' and port '65511'. == WebSocket connection from '172.30.0.154:65511' closed ================================================================= ==12117==ERROR: AddressSanitizer: heap-use-after-free on address 0x62200000da80 at pc 0x7f72a5266ca6 bp 0x7f72ba4a3b50 sp 0x7f72ba4a3b48 READ of size 8 at 0x62200000da80 thread T34 #0 0x7f72a5266ca5 in ws_destroy /home/obs/asterisk-13.3.2/res/res_pjsip_transport_websocket.c:93 #1 0x7f72c1b7f575 in destroy_transport (/usr/lib/libpjsip.so.2+0x1d575) #2 0x7f72c1b81b1e in pjsip_transport_destroy (/usr/lib/libpjsip.so.2+0x1fb1e) #3 0x7f72c024cc96 in pj_timer_heap_poll (/usr/lib/libpj.so.2+0x1dc96) #4 0x7f72c1b7b0ca in pjsip_endpt_handle_events2 (/usr/lib/libpjsip.so.2+0x190ca) #5 0x7f72bdcc0356 in monitor_thread_exec /home/obs/asterisk-13.3.2/res/res_pjsip.c:3170 #6 0x7f72c023ddf5 in thread_main (/usr/lib/libpj.so.2+0xedf5) #7 0x31a3e079d0 in start_thread (/lib64/libpthread.so.0+0x31a3e079d0) #8 0x31a36e88fc in clone (/lib64/libc.so.6+0x31a36e88fc) 0x62200000da80 is located 107889578525472 bytes inside {code} By: Badalian Vyacheslav (slavon) 2015-04-14 10:18:40.534-0500 50 calls was in test. Every time only this two heap-use-after-free. By: Badalian Vyacheslav (slavon) 2015-04-14 10:43:10.540-0500 Debug from valgrind. {code} ==8424== Thread 35: ==8424== Invalid read of size 8 ==8424== at 0x273FEAB0: ws_destroy (res_pjsip_transport_websocket.c:93) ==8424== by 0xC0F0575: destroy_transport (in /usr/lib/libpjsip.so.2) ==8424== by 0xC0F2B1E: pjsip_transport_destroy (in /usr/lib/libpjsip.so.2) ==8424== by 0xDA40C96: pj_timer_heap_poll (in /usr/lib/libpj.so.2) ==8424== by 0xC0EC0CA: pjsip_endpt_handle_events2 (in /usr/lib/libpjsip.so.2) ==8424== by 0xFCE97D7: monitor_thread_exec (res_pjsip.c:3170) ==8424== by 0xDA31DF5: thread_main (in /usr/lib/libpj.so.2) ==8424== by 0x31A3E079D0: start_thread (in /lib64/libpthread-2.12.so) ==8424== by 0x31A36E88FC: clone (in /lib64/libc-2.12.so) ==8424== Address 0x8af00f0 is 384 bytes inside a block of size 5,632 free'd ==8424== at 0x4A06430: free (vg_replace_malloc.c:446) ==8424== by 0xDA387DA: reset_pool (in /usr/lib/libpj.so.2) ==8424== by 0xDA39244: cpool_release_pool (in /usr/lib/libpj.so.2) ==8424== by 0x273FEAAF: ws_destroy (res_pjsip_transport_websocket.c:91) ==8424== by 0xC0F0575: destroy_transport (in /usr/lib/libpjsip.so.2) ==8424== by 0xC0F2B1E: pjsip_transport_destroy (in /usr/lib/libpjsip.so.2) ==8424== by 0xDA40C96: pj_timer_heap_poll (in /usr/lib/libpj.so.2) ==8424== by 0xC0EC0CA: pjsip_endpt_handle_events2 (in /usr/lib/libpjsip.so.2) ==8424== by 0xFCE97D7: monitor_thread_exec (res_pjsip.c:3170) ==8424== by 0xDA31DF5: thread_main (in /usr/lib/libpj.so.2) ==8424== by 0x31A3E079D0: start_thread (in /lib64/libpthread-2.12.so) ==8424== by 0x31A36E88FC: clone (in /lib64/libc-2.12.so) ==8424== ==8424== Invalid read of size 8 ==8424== at 0x273FEABC: ws_destroy (res_pjsip_transport_websocket.c:94) ==8424== by 0xC0F0575: destroy_transport (in /usr/lib/libpjsip.so.2) ==8424== by 0xC0F2B1E: pjsip_transport_destroy (in /usr/lib/libpjsip.so.2) ==8424== by 0xDA40C96: pj_timer_heap_poll (in /usr/lib/libpj.so.2) ==8424== by 0xC0EC0CA: pjsip_endpt_handle_events2 (in /usr/lib/libpjsip.so.2) ==8424== by 0xFCE97D7: monitor_thread_exec (res_pjsip.c:3170) ==8424== by 0xDA31DF5: thread_main (in /usr/lib/libpj.so.2) ==8424== by 0x31A3E079D0: start_thread (in /lib64/libpthread-2.12.so) ==8424== by 0x31A36E88FC: clone (in /lib64/libc-2.12.so) ==8424== Address 0x8af0078 is 264 bytes inside a block of size 5,632 free'd ==8424== at 0x4A06430: free (vg_replace_malloc.c:446) ==8424== by 0xDA387DA: reset_pool (in /usr/lib/libpj.so.2) ==8424== by 0xDA39244: cpool_release_pool (in /usr/lib/libpj.so.2) ==8424== by 0x273FEAAF: ws_destroy (res_pjsip_transport_websocket.c:91) ==8424== by 0xC0F0575: destroy_transport (in /usr/lib/libpjsip.so.2) ==8424== by 0xC0F2B1E: pjsip_transport_destroy (in /usr/lib/libpjsip.so.2) ==8424== by 0xDA40C96: pj_timer_heap_poll (in /usr/lib/libpj.so.2) ==8424== by 0xC0EC0CA: pjsip_endpt_handle_events2 (in /usr/lib/libpjsip.so.2) ==8424== by 0xFCE97D7: monitor_thread_exec (res_pjsip.c:3170) ==8424== by 0xDA31DF5: thread_main (in /usr/lib/libpj.so.2) ==8424== by 0x31A3E079D0: start_thread (in /lib64/libpthread-2.12.so) ==8424== by 0x31A36E88FC: clone (in /lib64/libc-2.12.so) ==8424== == WebSocket connection from '172.30.0.154:50028' for protocol 'sip' accepted using version '13' -- Added contact 'sip:6euofb7d@172.30.0.154:50028;transport=wss' to AOR 'user66_stub' with expiration of 3600 seconds == WebSocket connection from '172.30.0.154:50028' closed ==8424== Thread 6: ==8424== Invalid read of size 4 ==8424== at 0x45A34D: INTERNAL_OBJ (astobj2.c:121) ==8424== by 0x45A422: __ao2_lock (astobj2.c:151) ==8424== by 0x1013107C: __ast_websocket_write (res_http_websocket.c:303) ==8424== by 0x273FE7A9: ws_send_msg (res_pjsip_transport_websocket.c:67) ==8424== by 0xC0F1473: pjsip_transport_send (in /usr/lib/libpjsip.so.2) ==8424== by 0xC0EF104: pjsip_endpt_send_response (in /usr/lib/libpjsip.so.2) ==8424== by 0xC0EF1EB: pjsip_endpt_send_response2 (in /usr/lib/libpjsip.so.2) ==8424== by 0xFCFBD0C: authenticate (pjsip_distributor.c:317) ==8424== by 0xC0EC33A: pjsip_endpt_process_rx_data (in /usr/lib/libpjsip.so.2) ==8424== by 0xFCFB476: distribute (pjsip_distributor.c:348) ==8424== by 0x5DF239: ast_taskprocessor_execute (taskprocessor.c:769) ==8424== by 0x5E6274: threadpool_execute (threadpool.c:351) ==8424== Address 0x1aa3d454 is 84 bytes inside a block of size 288 free'd ==8424== at 0x4A06430: free (vg_replace_malloc.c:446) ==8424== by 0x45ABF9: internal_ao2_ref (astobj2.c:458) ==8424== by 0x45ACCD: __ao2_ref_debug (astobj2.c:484) ==8424== by 0x45AE93: __ao2_cleanup_debug (astobj2.c:519) ==8424== by 0x101312A3: __ast_websocket_unref (res_http_websocket.c:344) ==8424== by 0x273FF040: websocket_cb (res_pjsip_transport_websocket.c:308) ==8424== by 0x10132E0A: __ast_websocket_uri_cb (res_http_websocket.c:800) ==8424== by 0x52A82F: handle_uri (http.c:1480) ==8424== by 0x52B66E: httpd_process_request (http.c:1904) ==8424== by 0x52BAA1: httpd_helper_thread (http.c:1991) ==8424== by 0x5E0BB9: handle_tcptls_connection (tcptls.c:691) ==8424== by 0x5F34EE: dummy_start (utils.c:1232) ==8424== ==8424== Invalid read of size 4 ==8424== at 0x45A35B: INTERNAL_OBJ (astobj2.c:122) ==8424== by 0x45A422: __ao2_lock (astobj2.c:151) ==8424== by 0x1013107C: __ast_websocket_write (res_http_websocket.c:303) ==8424== by 0x273FE7A9: ws_send_msg (res_pjsip_transport_websocket.c:67) ==8424== by 0xC0F1473: pjsip_transport_send (in /usr/lib/libpjsip.so.2) ==8424== by 0xC0EF104: pjsip_endpt_send_response (in /usr/lib/libpjsip.so.2) ==8424== by 0xC0EF1EB: pjsip_endpt_send_response2 (in /usr/lib/libpjsip.so.2) ==8424== by 0xFCFBD0C: authenticate (pjsip_distributor.c:317) ==8424== by 0xC0EC33A: pjsip_endpt_process_rx_data (in /usr/lib/libpjsip.so.2) ==8424== by 0xFCFB476: distribute (pjsip_distributor.c:348) ==8424== by 0x5DF239: ast_taskprocessor_execute (taskprocessor.c:769) ==8424== by 0x5E6274: threadpool_execute (threadpool.c:351) ==8424== Address 0x1aa3d454 is 84 bytes inside a block of size 288 free'd ==8424== at 0x4A06430: free (vg_replace_malloc.c:446) ==8424== by 0x45ABF9: internal_ao2_ref (astobj2.c:458) ==8424== by 0x45ACCD: __ao2_ref_debug (astobj2.c:484) ==8424== by 0x45AE93: __ao2_cleanup_debug (astobj2.c:519) ==8424== by 0x101312A3: __ast_websocket_unref (res_http_websocket.c:344) ==8424== by 0x273FF040: websocket_cb (res_pjsip_transport_websocket.c:308) ==8424== by 0x10132E0A: __ast_websocket_uri_cb (res_http_websocket.c:800) ==8424== by 0x52A82F: handle_uri (http.c:1480) ==8424== by 0x52B66E: httpd_process_request (http.c:1904) ==8424== by 0x52BAA1: httpd_helper_thread (http.c:1991) ==8424== by 0x5E0BB9: handle_tcptls_connection (tcptls.c:691) ==8424== by 0x5F34EE: dummy_start (utils.c:1232) ==8424== ==8424== Invalid read of size 1 ==8424== at 0x10131081: __ast_websocket_write (res_http_websocket.c:304) ==8424== by 0x273FE7A9: ws_send_msg (res_pjsip_transport_websocket.c:67) ==8424== by 0xC0F1473: pjsip_transport_send (in /usr/lib/libpjsip.so.2) ==8424== by 0xC0EF104: pjsip_endpt_send_response (in /usr/lib/libpjsip.so.2) ==8424== by 0xC0EF1EB: pjsip_endpt_send_response2 (in /usr/lib/libpjsip.so.2) ==8424== by 0xFCFBD0C: authenticate (pjsip_distributor.c:317) ==8424== by 0xC0EC33A: pjsip_endpt_process_rx_data (in /usr/lib/libpjsip.so.2) ==8424== by 0xFCFB476: distribute (pjsip_distributor.c:348) ==8424== by 0x5DF239: ast_taskprocessor_execute (taskprocessor.c:769) ==8424== by 0x5E6274: threadpool_execute (threadpool.c:351) ==8424== by 0x5E7A9F: worker_active (threadpool.c:1075) ==8424== by 0x5E7840: worker_start (threadpool.c:995) ==8424== Address 0x1aa3d514 is 276 bytes inside a block of size 288 free'd ==8424== at 0x4A06430: free (vg_replace_malloc.c:446) ==8424== by 0x45ABF9: internal_ao2_ref (astobj2.c:458) ==8424== by 0x45ACCD: __ao2_ref_debug (astobj2.c:484) ==8424== by 0x45AE93: __ao2_cleanup_debug (astobj2.c:519) ==8424== by 0x101312A3: __ast_websocket_unref (res_http_websocket.c:344) ==8424== by 0x273FF040: websocket_cb (res_pjsip_transport_websocket.c:308) ==8424== by 0x10132E0A: __ast_websocket_uri_cb (res_http_websocket.c:800) ==8424== by 0x52A82F: handle_uri (http.c:1480) ==8424== by 0x52B66E: httpd_process_request (http.c:1904) ==8424== by 0x52BAA1: httpd_helper_thread (http.c:1991) ==8424== by 0x5E0BB9: handle_tcptls_connection (tcptls.c:691) ==8424== by 0x5F34EE: dummy_start (utils.c:1232) ==8424== ==8424== Invalid read of size 4 ==8424== at 0x45A34D: INTERNAL_OBJ (astobj2.c:121) ==8424== by 0x45A5CC: __ao2_unlock (astobj2.c:209) ==8424== by 0x101310B4: __ast_websocket_write (res_http_websocket.c:305) ==8424== by 0x273FE7A9: ws_send_msg (res_pjsip_transport_websocket.c:67) ==8424== by 0xC0F1473: pjsip_transport_send (in /usr/lib/libpjsip.so.2) ==8424== by 0xC0EF104: pjsip_endpt_send_response (in /usr/lib/libpjsip.so.2) ==8424== by 0xC0EF1EB: pjsip_endpt_send_response2 (in /usr/lib/libpjsip.so.2) ==8424== by 0xFCFBD0C: authenticate (pjsip_distributor.c:317) ==8424== by 0xC0EC33A: pjsip_endpt_process_rx_data (in /usr/lib/libpjsip.so.2) ==8424== by 0xFCFB476: distribute (pjsip_distributor.c:348) ==8424== by 0x5DF239: ast_taskprocessor_execute (taskprocessor.c:769) ==8424== by 0x5E6274: threadpool_execute (threadpool.c:351) ==8424== Address 0x1aa3d454 is 84 bytes inside a block of size 288 free'd ==8424== at 0x4A06430: free (vg_replace_malloc.c:446) ==8424== by 0x45ABF9: internal_ao2_ref (astobj2.c:458) ==8424== by 0x45ACCD: __ao2_ref_debug (astobj2.c:484) ==8424== by 0x45AE93: __ao2_cleanup_debug (astobj2.c:519) ==8424== by 0x101312A3: __ast_websocket_unref (res_http_websocket.c:344) ==8424== by 0x273FF040: websocket_cb (res_pjsip_transport_websocket.c:308) ==8424== by 0x10132E0A: __ast_websocket_uri_cb (res_http_websocket.c:800) ==8424== by 0x52A82F: handle_uri (http.c:1480) ==8424== by 0x52B66E: httpd_process_request (http.c:1904) ==8424== by 0x52BAA1: httpd_helper_thread (http.c:1991) ==8424== by 0x5E0BB9: handle_tcptls_connection (tcptls.c:691) ==8424== by 0x5F34EE: dummy_start (utils.c:1232) ==8424== ==8424== Invalid read of size 4 ==8424== at 0x45A35B: INTERNAL_OBJ (astobj2.c:122) ==8424== by 0x45A5CC: __ao2_unlock (astobj2.c:209) ==8424== by 0x101310B4: __ast_websocket_write (res_http_websocket.c:305) ==8424== by 0x273FE7A9: ws_send_msg (res_pjsip_transport_websocket.c:67) ==8424== by 0xC0F1473: pjsip_transport_send (in /usr/lib/libpjsip.so.2) ==8424== by 0xC0EF104: pjsip_endpt_send_response (in /usr/lib/libpjsip.so.2) ==8424== by 0xC0EF1EB: pjsip_endpt_send_response2 (in /usr/lib/libpjsip.so.2) ==8424== by 0xFCFBD0C: authenticate (pjsip_distributor.c:317) ==8424== by 0xC0EC33A: pjsip_endpt_process_rx_data (in /usr/lib/libpjsip.so.2) ==8424== by 0xFCFB476: distribute (pjsip_distributor.c:348) ==8424== by 0x5DF239: ast_taskprocessor_execute (taskprocessor.c:769) ==8424== by 0x5E6274: threadpool_execute (threadpool.c:351) ==8424== Address 0x1aa3d454 is 84 bytes inside a block of size 288 free'd ==8424== at 0x4A06430: free (vg_replace_malloc.c:446) ==8424== by 0x45ABF9: internal_ao2_ref (astobj2.c:458) ==8424== by 0x45ACCD: __ao2_ref_debug (astobj2.c:484) ==8424== by 0x45AE93: __ao2_cleanup_debug (astobj2.c:519) ==8424== by 0x101312A3: __ast_websocket_unref (res_http_websocket.c:344) ==8424== by 0x273FF040: websocket_cb (res_pjsip_transport_websocket.c:308) ==8424== by 0x10132E0A: __ast_websocket_uri_cb (res_http_websocket.c:800) ==8424== by 0x52A82F: handle_uri (http.c:1480) ==8424== by 0x52B66E: httpd_process_request (http.c:1904) ==8424== by 0x52BAA1: httpd_helper_thread (http.c:1991) ==8424== by 0x5E0BB9: handle_tcptls_connection (tcptls.c:691) ==8424== by 0x5F34EE: dummy_start (utils.c:1232) ==8424== {code} | ||