Summary: | ASTERISK-25389: pjsip: crash on null uri in contact header | ||
Reporter: | Scott Griepentrog (sgriepentrog) | Labels: | |
Date Opened: | 2015-09-10 09:41:39 | Date Closed: | |
Priority: | Major | Regression? | |
Status: | Open/New | Components: | Resources/res_pjsip |
Versions: | 13.5.0 | Frequency of Occurrence | Occasional |
Related Issues: | |||
Environment: | Attachments: | ( 0) backtrace-core.9340.txt ( 1) full-log-core.9340.txt | |
Description: | On a memory constrained system (where malloc may fail), encountered a crash where pjsip_msg_find_hdr() returns a contact_hdr with null uri.
Backtrace and log attached. Issue can be reproduced with CHAOS_DEBUG (have encountered it twice). | ||
Comments: | By: Scott Griepentrog (sgriepentrog) 2015-09-10 09:42:29.786-0500 [^backtrace-core.9340.txt] [^full-log-core.9340.txt] By: Scott Griepentrog (sgriepentrog) 2015-09-10 09:48:36.113-0500 From https://gerrit.asterisk.org/#/c/1118/: Matt Jordan > I'm going to put a -1 on here to investigate if this is an issue in PJSIP. If it is, we should fix it there and push the patch upstream. Mark Michelson > I'm seconding the -1 here. Have a look at ASTERISK-25295 > There is currently a crash occurring sometimes in res_pjsip_path because of a NULL contact URI. On the surface, it seems like the fix you're implementing would fix that problem. However, the real issue here is that we created a contact header with a NULL URI in the first place. > If you want to see my analysis on that issue, have a look at https://issues.asterisk.org/jira/browse/ASTERISK-25295?focusedCommentId=227290&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-227290 > The proper fix is to catch parsing errors of URIs earlier so that we never try to send a malformed SIP response through the path module in the first place. |