crash in pjmedia_sdp_neg_set_local_answer

Thanks a lot Joshua, I'll backport the fix.

Regards
Bernard

-----Original Message-----
From: pjsip [mailto:pjsip-bounces at lists.pjsip.org] On Behalf Of Joshua Colp
Sent: Thursday, April 23, 2015 14:49
To: pjsip list
Subject: Re: [pjsip] crash in pjmedia_sdp_neg_set_local_answer

POQUILLON, Bernard wrote:
> Hi,

Kia ora,

> I am using PJSIP 2.3 and sometimes I face crashes when I receive a 
> third INVITE (equivalent to UPDATE). The scenario is:
>
> 1) INVITE with SDP received then 200/OK with SDP sent
>
> 2) INVITE with no SDP received. 200/OK with SDP sent and ACK with SDP 
> received.
>
> 3) INVITE with SDP received
>
> My code uses PJSIP invite API. The structure pjsip_inv_session has 2 
> pools to deal with SDP negotiation, pool_prov and pool_active, and 
> switches between them after each negotiation.
>
> The pjmedia_sdp_neg structure (defined in sdp_neg.c) has a copy of the 
> initial local SDP in field initial_sdp.
>
> When I receive the first INVITE, pjmedia_sdp_neg_set_local_answer is 
> called and builds initial_sdp, taking memory from pool_prov. At the 
> end of the negotiation, pool_prov and pool_active are swapped so 
> initial_sdp is in pool_active. Pool_prov is cleaned.
>
> When the 2nd INVITE arrives, with no SDP, the API inserts an SDP into 
> the answer, using pjmedia_sdp_neg_send_local_offer. This function does 
> not touch initial_sdp. When the ACK, with SDP, is received, 
> negotiation is done and buffers are swapped so initial_sdp is in pool_prov and cleaned.
>
> For the 3rd INVITE, with SDP, mod_inv.cb.on_rx_offer callback is 
> called with the offer. The callback calls pjsip_inv_set_sdp_answer 
> with the local SDP and pjsip_inv_set_sdp_answer calls 
> pjmedia_sdp_neg_set_local_answer which tries to duplicate initial_sdp.
> But it was cleaned at the end of the previous negotiation?

This has been fixed in PJSIP 2.4. The issue[1] has a link to the patch[2] which you can backport to 2.3.

Cheers,

[1] https://trac.pjsip.org/repos/ticket/1834
[2] https://trac.pjsip.org/repos/changeset/5040

--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org
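
Added example, not part of the original thread and not PJSIP code: a toy C model of the two-pool swap described in the report, replaying the three INVITEs and showing where `initial_sdp` ends up in a pool that has been reset. The types and functions (`pool_t`, `ref_t`, `negotiation_done`, `run_scenario`) are hypothetical, and the `rehome` copy is an assumed mitigation for illustration, not the change made in the linked changeset.

```c
#include <stdio.h>
#include <string.h>

/* Toy arena: reset bumps a generation so stale references can be detected
 * without touching freed memory. Not PJSIP's pj_pool_t. */
typedef struct { char buf[256]; size_t used; unsigned gen; } pool_t;
typedef struct { pool_t *pool; unsigned gen; const char *str; } ref_t;
typedef struct { pool_t a, b, *pool_prov, *pool_active; ref_t initial_sdp; } session_t;

static ref_t pool_strdup(pool_t *p, const char *s) {
    size_t n = strlen(s) + 1;
    ref_t r = { p, p->gen, NULL };
    if (p->used + n > sizeof p->buf) return r;      /* arena full */
    memcpy(p->buf + p->used, s, n);
    r.str = p->buf + p->used;
    p->used += n;
    return r;
}
static int ref_valid(ref_t r) { return r.str != NULL && r.pool->gen == r.gen; }

/* End of a negotiation: swap the pools, then reset the new pool_prov.
 * With rehome set, a live initial_sdp is first copied out of the pool
 * that is about to be reset (hypothetical mitigation). */
static void negotiation_done(session_t *s, int rehome) {
    pool_t *t = s->pool_active;
    s->pool_active = s->pool_prov;
    s->pool_prov = t;
    if (rehome && ref_valid(s->initial_sdp) && s->initial_sdp.pool == s->pool_prov)
        s->initial_sdp = pool_strdup(s->pool_active, s->initial_sdp.str);
    s->pool_prov->used = 0;
    s->pool_prov->gen++;
}

/* Replays the three INVITEs; returns 1 if initial_sdp is still usable
 * when the third INVITE needs to duplicate it. */
int run_scenario(int rehome) {
    static const char sdp[] = "v=0 (constructed sample SDP)";
    session_t s;
    memset(&s, 0, sizeof s);
    s.pool_prov = &s.a;
    s.pool_active = &s.b;
    s.initial_sdp = pool_strdup(s.pool_prov, sdp);  /* INVITE 1: set_local_answer */
    negotiation_done(&s, rehome);
    (void)pool_strdup(s.pool_prov, sdp);            /* INVITE 2: send_local_offer */
    negotiation_done(&s, rehome);
    return ref_valid(s.initial_sdp);                /* INVITE 3: set_local_answer */
}

int main(void) {
    printf("as described: %d, re-homed: %d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```

The generation counter stands in for what a debug allocator or AddressSanitizer would report in a real build: the reference is flagged as stale instead of being dereferenced.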
