Re: Segfault with Asterisk 13.10.0 and PJSIP 2.5.5 related to Changeset 5373

Hi Alexei,

auth_sess, of type pjsip_auth_clt_sess, is not dynamically allocated, so the check is unnecessary. If create_dialog() fails, then destroy_dialog() won't be called, so the current fix (r5401) seems to be sufficient. If it still causes any problems, please let us know and perhaps a different fix may be required.

Best regards,
Ming

On Thu, Jul 28, 2016 at 10:24 PM, Alexei Gradinari <alex2grad@xxxxxxxxx> wrote:
Hello Nanang,

I think the patch
https://trac.pjsip.org/repos/changeset/5401 introduced
a new memory leak in case of error in create_dialog.
The client auth session should be deinitialized.
Patch attached.

Regards,
Alexei



Thursday, July 28, 2016, 4:23:37 AM, you wrote:

Hi Pirmin,

Just fixed this in SVN trunk for ticket
https://trac.pjsip.org/repos/ticket/1946.

Thank you for the report and the analysis.

BR,
nanang


On Mon, Jul 25, 2016 at 2:48 PM, Pirmin Walthert <pirmin.walthert@xxxxxxxx> wrote:
Hi again

Just looked a bit deeper into the pjsip code and it seems like pjsip_dlg_create_uac in sip_dialog.c would in some cases call "goto on_error" before pjsip_auth_clt_init was called. As in this case dlg->auth_session is not initialized, pjsip_auth_clt_deinit(&dlg->auth_sess) should not be called in destroy_dialog (or pjsip_auth_clt_deinit should be changed in a way that it recognizes whether pjsip_auth_clt_init had been executed previously or not).

Best regards,

Pirmin


On 07/24/2016 02:20 PM, Pirmin Walthert wrote:
Hello

I'm able to reproduce a crash when combining Asterisk 13.10.0 with PJSIP 2.5.5. The crash seems to be related to Changeset 5373 as I'm not able to reproduce it when reversing this changeset.

Backtrace:

#0  0x00007f20d18b4ce8 in pjsip_auth_clt_deinit () from /usr/lib/libpjsip.so.2
#1  0x00007f20d18ba93e in destroy_dialog () from /usr/lib/libpjsip.so.2
#2  0x00007f20d18bb20f in pjsip_dlg_create_uac () from /usr/lib/libpjsip.so.2
#3  0x00007f20c2bd1fd6 in ast_sip_create_dialog_uac () from /usr/lib/asterisk/modules/res_pjsip.so
#4  0x00007f20be4bfc4b in ast_sip_session_create_outgoing () from /usr/lib/asterisk/modules/res_pjsip_session.so
#5  0x00007f20bbc5cecc in ?? () from /usr/lib/asterisk/modules/chan_pjsip.so
#6  0x00007f20c2bcfc80 in ?? () from /usr/lib/asterisk/modules/res_pjsip.so
#7  0x00000000005c90de in ast_taskprocessor_execute ()
#8  0x00000000005d00e0 in ?? ()
#9  0x00000000005c90de in ast_taskprocessor_execute ()
#10 0x00000000005d0998 in ?? ()
#11 0x00000000005d9faa in ?? ()
#12 0x00007f20e01ba715 in ?? () from /lib/ld-musl-x86_64.so.1
#13 0x0000000000000000 in ?? ()


Steps to reproduce:

- register two clients
- starting a call from device 1 to device 2
- taking device two offline and waiting until the registration times out
- starting a new call from device 1 to device 2


Best regards,

Pirmin


_______________________________________________
Visit our blog:
http://blog.pjsip.org

pjsip mailing list
pjsip@xxxxxxxxxxxxxxx
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org






--
Best regards,
Alexei
mailto:alex2grad@xxxxxxxxx



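The initialisation-order bug Pirmin describes, and the leak Alexei raises, as an added C example with constructed stand-ins (not pjsip's code). The buggy create path jumps to its error label before the auth session is initialised and then tears that session down anyway; the fixed shape records whether init ran, so the error path neither touches uninitialised state nor skips the deinit of a session that was initialised before a later step failed (this flag-based variant is an assumption for illustration, not the r5401 change itself).

```c
#include <stdbool.h>

/* Constructed stand-ins for pjsip's dialog and client auth session; this is
 * an added illustration, not pjsip's code. As in pjsip, the session is
 * embedded by value in the dialog, so only its contents are uninitialised. */
typedef struct { bool initialized; int live_creds; } auth_clt_sess;
typedef struct { bool auth_inited; auth_clt_sess auth_sess; } dialog;

static int g_deinit_on_uninit; /* deinit reached a never-initialised session */
static dialog g_dlg;           /* shared dialog for the scenarios below */

static void auth_clt_init(auth_clt_sess *s) { s->initialized = true; s->live_creds = 1; }
static void auth_clt_deinit(auth_clt_sess *s) {
    /* The real function would walk garbage pointers here; we only count it. */
    if (!s->initialized) { g_deinit_on_uninit++; return; }
    s->live_creds = 0; s->initialized = false;
}

/* Buggy shape from the report: an early failure jumps to on_error, and the
 * cleanup unconditionally tears down an auth session that was never set up. */
static int create_uac_buggy(dialog *d, bool fail_before_auth) {
    d->auth_sess.initialized = false; d->auth_sess.live_creds = 0; /* models uninitialised memory */
    if (fail_before_auth) goto on_error;
    auth_clt_init(&d->auth_sess);
    return 0;
on_error:
    auth_clt_deinit(&d->auth_sess);   /* what destroy_dialog() did in the backtrace */
    return -1;
}

/* Fixed shape: record whether init ran, deinit only if it did, and still run
 * the cleanup when a later step fails so an initialised session is not leaked. */
static void destroy_dialog_fixed(dialog *d) {
    if (d->auth_inited) { auth_clt_deinit(&d->auth_sess); d->auth_inited = false; }
}
static int create_uac_fixed(dialog *d, bool fail_before_auth, bool fail_after_auth) {
    d->auth_inited = false;
    d->auth_sess.initialized = false; d->auth_sess.live_creds = 0;
    if (fail_before_auth) goto on_error;
    auth_clt_init(&d->auth_sess);
    d->auth_inited = true;
    if (fail_after_auth) goto on_error;   /* e.g. a failure in a step after auth init */
    return 0;
on_error:
    destroy_dialog_fixed(d);
    return -1;
}
```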