Summary: ASTERISK-28612: res_pjsip_t38: crash on reinvite with zero port and no c= line
Reporter: Salah Ahmed (rubel)
Labels: patch
Date Opened: 2019-11-07 08:22:52.000-0600
Date Closed: 2019-11-21 13:45:57.000-0600
Priority: Major
Regression?:
Status: Closed/Complete
Components: Resources/res_pjsip_t38
Versions: 13.20.0
Frequency of Occurrence: Frequent
Related Issues:
Environment:
Attachments: ( 0) ASTERISK-28612.diff
Description:
Hello,
Recently we experienced a crash on a T38 call. It seems the crash happened when a malformed SDP was received from the B-Side endpoint.

Malformed SDP:
v=0
o=Sippy 1186479683731557114 3 IN IP4 192.168.1.10
s=WebRTCLink
t=0 0
m=image 0 udptl t38

Back-trace Core:
#0  0x00007f5876d934c5 in pj_strlen (str=0x20) at /usr/include/pj/string.h:272                                                                                                                                    
#1  0x00007f5876d9926c in ast_copy_pj_str (dest=0x7f589160a2f0 "\220\245`\221X\177", src=0x20, size=1025) at res_pjsip.c:4318                                                                                      
#2  0x00007f581ed0b7cc in negotiate_incoming_sdp_stream (session=0x7f587800a860, session_media=0x7f587800b290, sdp=0x7f587801e7c8, stream=0x7f587801ed08) at res_pjsip_t38.c:773                                  
#3  0x00007f5827550a41 in handle_incoming_sdp (session=0x7f587800a860, sdp=0x7f587801e7c8) at res_pjsip_session.c:254                                                                                              
#4  0x00007f582755884d in session_inv_on_rx_offer (inv=0x7f58780092f8, offer=0x7f587801e7c8) at res_pjsip_session.c:3067                                                                                          
#5  0x00007f58765de4b1 in inv_check_sdp_in_incoming_msg (inv=0x7f58780092f8, tsx=0x7f5878008338, rdata=0x7f5798004e88) at ../src/pjsip-ua/sip_inv.c:2126                                                          
#6  0x00007f58765e30f4 in inv_on_state_confirmed (inv=0x7f58780092f8, e=0x7f589160aa30) at ../src/pjsip-ua/sip_inv.c:4883                                                                                          
#7  0x00007f58765db580 in mod_inv_on_tsx_state (tsx=0x7f5878008338, e=0x7f589160aa30) at ../src/pjsip-ua/sip_inv.c:718                                                                                            
#8  0x00007f587619fe0c in pjsip_dlg_on_tsx_state (dlg=0x7f58780072e8, tsx=0x7f5878008338, e=0x7f589160aa30) at ../src/pjsip/sip_dialog.c:2066                                                                      
#9  0x00007f58761a06ee in mod_ua_on_tsx_state (tsx=0x7f5878008338, e=0x7f589160aa30) at ../src/pjsip/sip_ua_layer.c:178                                                                                            
#10 0x00007f58761981ef in tsx_set_state (tsx=0x7f5878008338, state=PJSIP_TSX_STATE_TRYING, event_src_type=PJSIP_EVENT_RX_MSG, event_src=0x7f5798004e88, flag=0) at ../src/pjsip/sip_transaction.c:1268            
#11 0x00007f587619a506 in tsx_on_state_null (tsx=0x7f5878008338, event=0x7f589160aac0) at ../src/pjsip/sip_transaction.c:2425                                                                                      
#12 0x00007f58761991fd in pjsip_tsx_recv_msg (tsx=0x7f5878008338, rdata=0x7f5798004e88) at ../src/pjsip/sip_transaction.c:1828                                                                                    
#13 0x00007f587619f4dc in pjsip_dlg_on_rx_request (dlg=0x7f58780072e8, rdata=0x7f5798004e88) at ../src/pjsip/sip_dialog.c:1713                                                                                    
#14 0x00007f58761a1210 in mod_ua_on_rx_request (rdata=0x7f5798004e88) at ../src/pjsip/sip_ua_layer.c:704                                                                                                          
#15 0x00007f587617be8e in pjsip_endpt_process_rx_data (endpt=0x26076e8, rdata=0x7f5798004e88, p=0x7f5876fd4ea0 <param>, p_handled=0x7f589160acb4) at ../src/pjsip/sip_endpoint.c:895                              
#16 0x00007f5876dabca9 in distribute (data=0x7f5798004e88) at res_pjsip/pjsip_distributor.c:897                                                                                                                    
#17 0x00000000005e116f in ast_taskprocessor_execute (tps=0x289bfb0) at taskprocessor.c:971                                                                                                                        
#18 0x00000000005ead80 in execute_tasks (data=0x289bfb0) at threadpool.c:1322                                                                                                                                      
#19 0x00000000005e116f in ast_taskprocessor_execute (tps=0x2603440) at taskprocessor.c:971                                                                                                                        
#20 0x00000000005e9042 in threadpool_execute (pool=0x2603b80) at threadpool.c:351                                                                                                                                  
#21 0x00000000005ea6f6 in worker_active (worker=0x7f5810000ee0) at threadpool.c:1105                                                                                                                              
#22 0x00000000005ea4af in worker_start (arg=0x7f5810000ee0) at threadpool.c:1024                                                                                                                                  
#23 0x00000000005f6743 in dummy_start (data=0x7f5810000e70) at utils.c:1238                                                                                                                                        
#24 0x00007f5892a60064 in start_thread (arg=0x7f589160b700) at pthread_create.c:309                                                                                                                                
#25 0x00007f5891d4862d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thanks,
Salah
Comments:

By: Asterisk Team (asteriskteam) 2019-11-07 08:22:52.651-0600

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur.

By: Joshua C. Colp (jcolp) 2019-11-07 08:43:39.603-0600

Did you build Asterisk using bundled PJSIP? If not then what version of PJSIP is in use?

By: Salah Ahmed (rubel) 2019-11-07 08:47:52.139-0600

Yeah, we are using the PJSIP bundle and the version is 2.7.2.

By: Joshua C. Colp (jcolp) 2019-11-07 08:57:52.156-0600

Please try the attached patch if you can reproduce the problem yourself.

By: Salah Ahmed (rubel) 2019-11-07 09:45:28.371-0600

This patch solved the issue. I couldn't reproduce this issue with this patch. Thank you.

By: Friendly Automation (friendly-automation) 2019-11-21 13:45:57.922-0600

Change 13231 merged by Benjamin Keith Ford:
res_pjsip_session.c: Check for port of zero on incoming SDP.

[https://gerrit.asterisk.org/c/asterisk/+/13231|https://gerrit.asterisk.org/c/asterisk/+/13231]

By: Friendly Automation (friendly-automation) 2019-11-21 13:47:46.374-0600

Change 13276 merged by Benjamin Keith Ford:
res_pjsip_session.c: Check for port of zero on incoming SDP.

[https://gerrit.asterisk.org/c/asterisk/+/13276|https://gerrit.asterisk.org/c/asterisk/+/13276]

By: Friendly Automation (friendly-automation) 2019-11-21 14:44:41.493-0600

Change 13282 merged by Benjamin Keith Ford:
res_pjsip_session.c: Check for port of zero on incoming SDP.

[https://gerrit.asterisk.org/c/asterisk/+/13282|https://gerrit.asterisk.org/c/asterisk/+/13282]
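
An added illustration of the failure mode in this report and of the kind of check named in the merged changes; it is not the Asterisk patch and not code from the issue. The structures, `negotiate_stream`, `run_case` and the address 192.0.2.10 are constructed for the example, and the struct layout is an assumption chosen to show why a NULL connection pointer would surface as `src=0x20` in frame #1.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the SDP structures (assumed layout, not pjproject's headers). */
struct str { const char *ptr; long slen; };
struct sdp_conn { struct str net_type, addr_type, addr; };
struct sdp_media { unsigned port; struct sdp_conn *conn; };
struct sdp_session { struct sdp_conn *conn; struct sdp_media media; };

enum stream_result { STREAM_ERROR = -1, STREAM_DECLINED = 0, STREAM_ACCEPTED = 1 };
char host_buf[64]; /* remote address copied out of the last accepted stream */

/* Where &conn->addr points when conn is NULL (0x20 on a 64-bit build). */
size_t conn_addr_offset(void) { return offsetof(struct sdp_conn, addr); }

/* Hypothetical handler: validate the stream before touching its address. */
enum stream_result negotiate_stream(const struct sdp_session *sdp, char *host, size_t size)
{
    const struct sdp_media *m = &sdp->media;
    const struct sdp_conn *conn;

    if (m->port == 0)
        return STREAM_DECLINED;            /* disabled stream: no address needed */
    conn = m->conn ? m->conn : sdp->conn;  /* media-level c= overrides session-level */
    if (!conn || !conn->addr.ptr || conn->addr.slen < 0 || (size_t)conn->addr.slen >= size)
        return STREAM_ERROR;               /* missing or oversized c= line */
    memcpy(host, conn->addr.ptr, (size_t)conn->addr.slen);
    host[conn->addr.slen] = '\0';
    return STREAM_ACCEPTED;
}

/* Build a constructed one-stream offer and run it through the handler. */
enum stream_result run_case(unsigned port, int with_conn)
{
    struct sdp_conn c = { { "IN", 2 }, { "IP4", 3 }, { "192.0.2.10", 10 } };
    struct sdp_session sdp = { NULL, { port, with_conn ? &c : NULL } };
    host_buf[0] = '\0';
    return negotiate_stream(&sdp, host_buf, sizeof(host_buf));
}

int main(void)
{
    printf("addr offset through NULL conn: 0x%zx\n", conn_addr_offset());
    printf("m=image 0, no c=    -> %d\n", run_case(0, 0));  /* the reported offer */
    printf("m=image 4000, no c= -> %d\n", run_case(4000, 0));
    printf("m=image 4000, c=    -> %d (%s)\n", run_case(4000, 1), host_buf);
    return 0;
}
```

The NULL check on the connection line covers the case the port check does not: a non-zero port with no c= line at either level.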