Summary: | ASTERISK-27928: segfault in channel_read_pjsip, dereferencing chan |
Reporter: | Simone Lazzaris (simone.lazzaris) | Labels: | pjsip |
Date Opened: | 2018-06-20 08:37:07 | Date Closed: | 2018-06-20 08:43:35 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_pjsip |
Versions: | 13.14.1 | Frequency of Occurrence | Occasional |
Related Issues: |
Environment: | Debian 9, installed from packages. | Attachments: |
Description: | Sporadically (i.e. maybe once a day) in a very busy server asterisk segfaults trying to dereference a null pointer.
It is similar, but not the same, to issue ASTERISK-26467. This is the backtrace from the core dump:

#0  ast_channel_tech_pvt (chan=chan@entry=0x0) at channel_internal_api.c:756
#1  0x00007f6db93924e1 in channel_read_pjsip (chan=0x0, type=0x7f6db34a5836 "call-id", buf=0x7f6db34a5b30 "", buflen=128, field=<optimized out>) at pjsip/dialplan_functions.c:646
#2  0x00007f6db9392f19 in read_pjsip (data=0x7f6db34a5860) at pjsip/dialplan_functions.c:764
#3  0x00007f6df8d914b0 in sync_task (data=0x7f6db34a5770) at res_pjsip.c:3966
#4  0x000055e59d7510e8 in ast_taskprocessor_execute (tps=tps@entry=0x55e59fe9a720) at taskprocessor.c:965
#5  0x000055e59d7590a0 in execute_tasks (data=0x55e59fe9a720) at threadpool.c:1322
#6  0x000055e59d7510e8 in ast_taskprocessor_execute (tps=0x55e5a02994d0) at taskprocessor.c:965
#7  0x000055e59d758a74 in threadpool_execute (pool=0x55e5a0297e20) at threadpool.c:351
#8  worker_active (worker=0x7f6df00046c0) at threadpool.c:1105
#9  worker_start (arg=arg@entry=0x7f6df00046c0) at threadpool.c:1024
#10 0x000055e59d76108c in dummy_start (data=<optimized out>) at utils.c:1235
#11 0x00007f6e807f0494 in start_thread (arg=0x7f6dafdea700) at pthread_create.c:333
#12 0x00007f6e7f3faacf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97 |
Comments: |
By: Asterisk Team (asteriskteam) 2018-06-20 08:37:07.939-0500
Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.
A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.
Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: Simone Lazzaris (simone.lazzaris) 2018-06-20 08:38:26.648-0500
I'm trying to write a patch adding some sanity check before dereferencing the *char pointer. I'll submit as soon as they are tested in our environment.

By: Joshua C. Colp (jcolp) 2018-06-20 08:43:35.265-0500
This has already been fixed in subsequent versions. |