On Tue, Jul 22, 2008 at 8:38 PM, Brocha Strous <Brocha.Strous at kayote.com> wrote:
> Hi,
>
> I am running a stateful proxy using a modified version of the stateful
> proxy sample from the tree (pj version 0.7.0).
>
> I am receiving a malformed REGISTER packet whose CSeq header looks like
> this:
>
> CSeq: 38993 EGISTER.
>
> This packet gets thru the parser with no problems (which in itself is
> probably a bad thing) and is treated as a REGISTER request (the request line
> is not malformed).

The parser is just doing a syntactic check, so I think it's okay to let this message through. And anyway it will be verified later when creating the UAS transaction.

> In the code that handles requests in the proxy module I have this:
>
>     status = pjsip_tsx_create_uac(&mod_tu, tdata, &uac_tsx);
>     if (status != PJ_SUCCESS) {
>         pjsip_tx_data_dec_ref(tdata);
>         pjsip_endpt_respond_stateless(global.endpt, rdata,
>                                       PJSIP_SC_INTERNAL_SERVER_ERROR,
>                                       NULL, NULL, NULL);
>         return PJ_TRUE;
>     }
>
>     /* Create UAS transaction to handle incoming request */
>     status = pjsip_tsx_create_uas(&mod_tu, rdata, &uas_tsx);
>     if (status != PJ_SUCCESS) {
>         pjsip_tx_data_dec_ref(tdata);
>         pjsip_endpt_respond_stateless(global.endpt, rdata,
>                                       PJSIP_SC_INTERNAL_SERVER_ERROR,
>                                       NULL, NULL, NULL);
>         pjsip_tsx_terminate(uac_tsx, PJSIP_SC_INTERNAL_SERVER_ERROR);
>         return PJ_TRUE;
>     }
>
> The call to pjsip_tsx_create_uas fails and a 500 error is sent back.
> However the call to pjsip_tsx_terminate causes a crash. More specifically
> tsx_set_state, which in turn has this code:
>
>     if (tsx->tsx_user && tsx->tsx_user->on_tsx_state) {
>         pjsip_event e;
>         PJSIP_EVENT_INIT_TSX_STATE(e, tsx, event_src_type, event_src,
>                                    prev_state);
>         (*tsx->tsx_user->on_tsx_state)(tsx, &e);
>     }
>
> It's the line (*tsx->tsx_user->on_tsx_state)(tsx, &e) that is causing the
> crash.
>
> What's going on?

The crash actually is in the application and not in PJSIP.

I've fixed this in the stateful_proxy.c sample, have a look here: http://trac.pjsip.org/repos/changeset/2168

Thanks for the report though.

Cheers
Benny
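The consistency check Benny is pointing at, the CSeq method having to match the request-line method, written out as a stand-alone routine (an added example for this thread, not pjsip code and not the sample's fix): run over a constructed copy of the malformed REGISTER from the report, it flags the mismatch so a proxy can answer with 400 before creating any transaction instead of failing with 500 later. The enum, helper names and the sample message are my own assumptions.

```c
#include <ctype.h>
#include <string.h>
/* Outcome of the CSeq consistency check (added example, not a pjsip API). */
enum cseq_check { CSEQ_OK = 0, CSEQ_MISSING = 1, CSEQ_METHOD_MISMATCH = 2 };

/* Copy the first whitespace-delimited token of s into out (NUL-terminated). */
static void first_token(const char *s, char *out, size_t cap)
{
    size_t n = 0;
    while (*s == ' ' || *s == '\t') s++;
    while (*s && !isspace((unsigned char)*s) && n + 1 < cap) out[n++] = *s++;
    out[n] = '\0';
}

/* Case-insensitive prefix test: SIP header names are case-insensitive. */
static int has_prefix_ci(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix)) return 0;
    return 1;
}

/* Check that the method in CSeq equals the request-line method. msg is a raw
 * SIP request: request line, then CRLF-separated headers, ending in CRLFCRLF. */
enum cseq_check check_cseq_method(const char *msg)
{
    char req_method[32], cseq_method[32];
    const char *line = strstr(msg, "\r\n");
    first_token(msg, req_method, sizeof req_method);
    while (line) {
        line += 2;                                   /* start of the next header */
        if (has_prefix_ci(line, "CSeq:")) {
            const char *p = line + 5;
            while (*p == ' ' || *p == '\t') p++;
            while (isdigit((unsigned char)*p)) p++;  /* skip the sequence number */
            first_token(p, cseq_method, sizeof cseq_method);
            /* Method tokens are case-sensitive, so compare them exactly. */
            return strcmp(req_method, cseq_method) == 0 ? CSEQ_OK : CSEQ_METHOD_MISMATCH;
        }
        line = strstr(line, "\r\n");
    }
    return CSEQ_MISSING;
}

/* Constructed sample reproducing the malformed REGISTER from the report. */
static const char BAD_REGISTER[] =
    "REGISTER sip:proxy.example.com SIP/2.0\r\n"
    "CSeq: 38993 EGISTER\r\n\r\n";
```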