[PATCH] pjmedia_sdp_neg_modify_local_offer2() causes a segmentation fault.

This happened in Asterisk, but it looks like pjsip has the actual problem.

Could you please take a look at this?

When pjsip tries to send a re-INVITE for an established session, it calls pjsip_inv_reinvite().
But at the moment, if the session's SDP is empty (NULL), it crashes.

[Current thread is 1 (Thread 0x7fe7aff82700 (LWP 32629))]
(gdb) where
#0  0x00007fe87fa6c0c2 in pj_strdup (pool=0x7fe7509ef1e0, dst=0x7fe76d5fca18, src="" at ../include/pj/string_i.h:40
#1  0x00007fe87fa15e84 in pjmedia_sdp_neg_modify_local_offer2 (pool=0x7fe7509ef1e0, neg=0x7fe76da058c0, flags=1, local=0x7fe76dc558a8) at ../src/pjmedia/sdp_neg.c:336
#2  0x00007fe87f9928b0 in pjsip_inv_reinvite (inv=0x7fe76d9551e8, new_contact=0x0, new_offer=0x7fe76dc558a8, p_tdata=0x7fe7aff81ba0) at ../src/pjsip-ua/sip_inv.c:3004
#3  0x00007fe821af5c6c in ast_sip_session_refresh (session=0x7fe76dbbb290, _on_request_creation_=0x0, _on_sdp_creation_=0x0, _on_response_=0x7fe80a9028ae <on_topology_change_response>,
    method=AST_SIP_SESSION_REFRESH_METHOD_INVITE, generate_new_sdp=1, media_state=0x7fe834cfa590) at res_pjsip_session.c:1750
#4  0x00007fe821af443b in send_delayed_request (session=0x7fe76dbbb290, delay=0x7fe7ee8f97d0) at res_pjsip_session.c:1238
#5  0x00007fe821af479d in invite_terminated (vsession=0x7fe76dbbb290) at res_pjsip_session.c:1337
#6  0x00005582959ce79e in ast_taskprocessor_execute (tps=0x7fe76d9174c0) at taskprocessor.c:1185
#7  0x00005582959d808e in execute_tasks (data="" at threadpool.c:1354
#8  0x00005582959ce79e in ast_taskprocessor_execute (tps=0x558298a5ad80) at taskprocessor.c:1185
#9  0x00005582959d5c41 in threadpool_execute (pool=0x558298a55c30) at threadpool.c:367
#10 0x00005582959d78c0 in worker_active (worker=0x7fe7db36acc0) at threadpool.c:1137
#11 0x00005582959d7630 in worker_start (arg=0x7fe7db36acc0) at threadpool.c:1056
#12 0x00005582959e0fd0 in dummy_start (data="" at utils.c:1249
#13 0x00007fe87e0fe4a4 in start_thread (arg=0x7fe7aff82700) at pthread_create.c:456
#14 0x00007fe87c9bfd0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
(gdb) frame 1
#1  0x00007fe87fa15e84 in pjmedia_sdp_neg_modify_local_offer2 (pool=0x7fe7509ef1e0, neg=0x7fe76da058c0, flags=1, local=0x7fe76dc558a8) at ../src/pjmedia/sdp_neg.c:336
336    pj_strdup(pool, &new_offer->origin.user, &old_offer->origin.user);
(gdb) list
331    /* RFC 3264 Section 8: When issuing an offer that modifies the session,
332     * the "o=" line of the new SDP MUST be identical to that in the
333     * previous SDP, except that the version in the origin field MUST
334     * increment by one from the previous SDP.
335     */
336    pj_strdup(pool, &new_offer->origin.user, &old_offer->origin.user);
337    new_offer->origin.id = old_offer->origin.id;
339    pj_strdup(pool, &new_offer->origin.net_type, &old_offer->origin.net_type);
340    pj_strdup(pool, &new_offer->origin.addr_type,&old_offer->origin.addr_type);
(gdb) p *neg
$2 = {
  prefer_remote_codec_order = 0,
  answer_with_multiple_codecs = 1,
  has_remote_answer = 0,
  answer_was_remote = 1,
  initial_sdp = 0x0,
  initial_sdp_tmp = 0x0,
  active_local_sdp = 0x0,
  active_remote_sdp = 0x0,
  neg_local_sdp = 0x0,
  neg_remote_sdp = 0x0

Thank you.

Kind regards,

Attachment: fixed_empty_neg.patch
Description: Binary data
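
Added example, not part of the original message and not the attached patch or pjsip's own code: a reduced model of the failing path in frame 1, where the previous offer pointer is checked before the o= line is copied. The struct layouts, error codes and the function name neg_modify_local_offer are hypothetical stand-ins for the pjmedia types.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for the pjmedia SDP types. */
struct origin {
    char user[32];
    unsigned long id;
    unsigned long version;
    char net_type[8];
    char addr_type[8];
    char addr[64];
};
struct sdp_session { struct origin origin; };
struct sdp_neg { struct sdp_session *active_local_sdp; };

enum { NEG_OK = 0, NEG_EINVAL = 1, NEG_ENOACTIVE = 2 };

/* Prepare `local` as an offer that modifies the session. Per RFC 3264
 * section 8 the o= line is taken from the previous SDP and only the
 * version is incremented. Every pointer is checked before use, so a
 * negotiator without an active local SDP yields an error code instead
 * of a NULL dereference. */
int neg_modify_local_offer(struct sdp_neg *neg, struct sdp_session *local)
{
    const struct sdp_session *old_offer;
    unsigned long next_version;

    if (neg == NULL || local == NULL)
        return NEG_EINVAL;
    old_offer = neg->active_local_sdp;
    if (old_offer == NULL)      /* the state visible in `p *neg` above */
        return NEG_ENOACTIVE;

    next_version = old_offer->origin.version + 1;
    local->origin = old_offer->origin;
    local->origin.version = next_version;
    return NEG_OK;
}

int main(void)
{
    struct sdp_neg neg = { NULL };   /* constructed: no SDP negotiated yet */
    struct sdp_session offer;

    memset(&offer, 0, sizeof offer);
    printf("status with empty negotiator: %d\n",
           neg_modify_local_offer(&neg, &offer));
    return 0;
}
```

With a check like this the caller has to handle the error status, for example by sending the SDP as an initial offer or by abandoning the refresh.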

