Re: [pjsip] pjsua turn crash

Håkan Berg
Fri, Jun 29, 2018 9:10 AM

Hello pjsip developers,
Any update on this? Did you create a trac ticket for this issue?

Br,
/Håkan

From: Håkan Berg
Sent: den 8 juni 2018 13:02
To: 'pjsip@lists.pjsip.org' <pjsip@lists.pjsip.org>
Subject: pjsua turn crash

Hello,
I believe I've found a null pointer dereference in pjsua, when terminating a call while trying to connect to a turn server that does not respond.

To reproduce:
Compile pjsip for linux x86_64 (./configure && make && cd pjsip-apps/bin)

Start pjsua with turn enabled, using a bogus ip to represent a turn server that does not currently respond, and call any ip:
gdb --args ./pjsua-x86_64-unknown-linux-gnu --use-ice --use-turn --turn-srv 8.8.8.8:12345 --turn-user na --turn-passwd na --playback-dev=1 --capture-dev=1 --id sip:localhost --app-log-level=6 --no-cli-console --duration=10

press m, enter sip:4.4.4.4
press h

...
Program received signal SIGSEGV, Segmentation fault.
0x0000000000429047 in pjsua_call_hangup (call_id=2, code=0, reason=0x0,
msg_data=0x0) at ../src/pjsua-lib/pjsua_call.c:2370
2370                                                if (call->inv->role == PJSIP_ROLE_UAS)
(gdb) bt
#0  0x0000000000429047 in pjsua_call_hangup (call_id=2, code=0, reason=0x0,
msg_data=0x0) at ../src/pjsua-lib/pjsua_call.c:2370
#1  0x0000000000418115 in ui_hangup_call (menuin=0x7fffffffdf00 "h\n")
at ../src/pjsua/pjsua_app_legacy.c:831
#2  0x0000000000419f5d in legacy_main ()
at ../src/pjsua/pjsua_app_legacy.c:1765
#3  0x0000000000409fa8 in pjsua_app_run (wait_telnet_cli=1)
at ../src/pjsua/pjsua_app.c:1945
#4  0x00000000004064a6 in main_func (argc=16, argv=0x7fffffffe168)
at ../src/pjsua/main.c:110
#5  0x00000000005c2998 in pj_run_app (main_func=0x406429 <main_func>, argc=16,
argv=0x7fffffffe168, flags=0) at ../src/pj/os_core_unix.c:1952
#6  0x000000000040651c in main (argc=16, argv=0x7fffffffe168)
at ../src/pjsua/main.c:129
(gdb) p call->inv
$1 = (pjsip_inv_session *) 0x0

Checking call->inv for NULL on pjsua_call.c:2370 seems to prevent the crash, but I'm not sure this is the correct fix.

Br,
/Håkan
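The backtrace above shows a call slot (call_id=2) that exists while ICE/TURN setup is still waiting on a TURN server that never answers, so no INVITE session has been attached yet and call->inv is NULL when 'h' is pressed. The following is an added illustration in C, not pjsip code and not the fix that went into the project: it models that window with hypothetical stand-in types (call_t, inv_session_t) and stand-in functions (call_make, call_media_ready, hangup_unchecked, hangup_checked). The status codes and error constants are assumptions for the illustration. It shows the unchecked dereference beside a hardened version that treats "no session yet" as a state: the hangup request is recorded and honoured once the session appears, rather than being lost or crashing.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for pjsip's types; names and fields are
 * assumptions made for this illustration, not pjsip's definitions. */
typedef enum { ROLE_UAC = 0, ROLE_UAS = 1 } sip_role_t;

typedef struct {
    sip_role_t role;
} inv_session_t;                   /* stands in for pjsip_inv_session */

typedef struct {
    int            in_use;         /* slot allocated, call_id handed out */
    inv_session_t *inv;            /* NULL until the INVITE session exists */
    int            hangup_pending; /* user hung up before inv existed */
} call_t;                          /* stands in for pjsua_call */

#define MAX_CALLS 4
static call_t        calls[MAX_CALLS];
static inv_session_t sessions[MAX_CALLS];

/* Hypothetical status codes for this illustration */
enum { OK = 0, ERR_INVALID_CALL = 1, ERR_NO_SESSION = 2 };

/* Allocate a call slot.  with_session == 0 models the window in the
 * report: candidate gathering is still waiting on a TURN server that
 * never answers, so no INVITE session has been created yet. */
int call_make(int call_id, int with_session, sip_role_t role)
{
    if (call_id < 0 || call_id >= MAX_CALLS)
        return ERR_INVALID_CALL;
    calls[call_id].in_use = 1;
    calls[call_id].hangup_pending = 0;
    if (with_session) {
        sessions[call_id].role = role;
        calls[call_id].inv = &sessions[call_id];
    } else {
        calls[call_id].inv = NULL;
    }
    return OK;
}

/* Simulate ICE/TURN setup finishing: the session now exists.  If a hangup
 * was requested while inv was NULL, report it so the caller tears the
 * call down now instead of losing the request. */
int call_media_ready(int call_id, sip_role_t role, int *hangup_now)
{
    if (call_id < 0 || call_id >= MAX_CALLS || !calls[call_id].in_use)
        return ERR_INVALID_CALL;
    sessions[call_id].role = role;
    calls[call_id].inv = &sessions[call_id];
    *hangup_now = calls[call_id].hangup_pending;
    return OK;
}

/* The shape of the reported bug: dereferences call->inv unconditionally.
 * With inv == NULL this is the SIGSEGV in the backtrace. */
int hangup_unchecked(int call_id, int *code)
{
    call_t *call = &calls[call_id];
    *code = (call->inv->role == ROLE_UAS) ? 603 : 487; /* hypothetical defaults */
    return OK;
}

/* Hardened variant: validate the call_id, then treat "no session yet" as
 * a state rather than a crash.  The request is recorded for later and the
 * caller is told that nothing could be sent yet. */
int hangup_checked(int call_id, int *code)
{
    if (call_id < 0 || call_id >= MAX_CALLS || !calls[call_id].in_use)
        return ERR_INVALID_CALL;
    call_t *call = &calls[call_id];
    if (call->inv == NULL) {
        call->hangup_pending = 1;
        return ERR_NO_SESSION;
    }
    *code = (call->inv->role == ROLE_UAS) ? 603 : 487;
    return OK;
}

int main(void)
{
    int code = 0, hangup_now = 0;
    call_make(2, 0, ROLE_UAC);                  /* call 2, TURN still pending */
    int rc = hangup_checked(2, &code);          /* 'h' pressed: no crash */
    printf("hangup on session-less call: rc=%d\n", rc);
    call_media_ready(2, ROLE_UAC, &hangup_now); /* setup completes later */
    if (hangup_now && hangup_checked(2, &code) == OK)
        printf("deferred hangup now sent, code=%d\n", code);
    return 0;
}
```

The point of the checked variant is that a bare NULL check alone only suppresses the crash; without recording the pending hangup, a call that later completes its ICE/TURN setup would proceed as if the user had never hung up.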

Ming
Tue, Jul 3, 2018 3:14 AM

Hi Hakan,

Thanks for the report. We fixed it in ticket #2125
(https://trac.pjsip.org/repos/ticket/2125).

Best regards,
Ming

On Fri, Jun 29, 2018 at 10:10 AM, Håkan Berg <hakan.berg@axis.com> wrote:

Hello pjsip developers,

Any update on this? Did you create a trac ticket for this issue?

Br,

/Håkan

From: Håkan Berg
Sent: den 8 juni 2018 13:02
To: 'pjsip@lists.pjsip.org' <pjsip@lists.pjsip.org>
Subject: pjsua turn crash

Hello,

I believe I’ve found a null pointer dereference in pjsua, when terminating a
call while trying to connect to a turn server that does not respond.

To reproduce:

Compile pjsip for linux x86_64 (./configure && make && cd pjsip-apps/bin)

Start pjsua with turn enabled, using a bogus ip to represent a turn server
that does not currently respond, and call any ip:

gdb --args ./pjsua-x86_64-unknown-linux-gnu --use-ice --use-turn --turn-srv 8.8.8.8:12345 --turn-user na --turn-passwd na --playback-dev=1 --capture-dev=1 --id sip:localhost --app-log-level=6 --no-cli-console --duration=10

press m, enter sip:4.4.4.4

press h

...

Program received signal SIGSEGV, Segmentation fault.
0x0000000000429047 in pjsua_call_hangup (call_id=2, code=0, reason=0x0,
    msg_data=0x0) at ../src/pjsua-lib/pjsua_call.c:2370
2370                                                if (call->inv->role == PJSIP_ROLE_UAS)
(gdb) bt
#0  0x0000000000429047 in pjsua_call_hangup (call_id=2, code=0, reason=0x0,
    msg_data=0x0) at ../src/pjsua-lib/pjsua_call.c:2370
#1  0x0000000000418115 in ui_hangup_call (menuin=0x7fffffffdf00 "h\n")
    at ../src/pjsua/pjsua_app_legacy.c:831
#2  0x0000000000419f5d in legacy_main ()
    at ../src/pjsua/pjsua_app_legacy.c:1765
#3  0x0000000000409fa8 in pjsua_app_run (wait_telnet_cli=1)
    at ../src/pjsua/pjsua_app.c:1945
#4  0x00000000004064a6 in main_func (argc=16, argv=0x7fffffffe168)
    at ../src/pjsua/main.c:110
#5  0x00000000005c2998 in pj_run_app (main_func=0x406429 <main_func>, argc=16,
    argv=0x7fffffffe168, flags=0) at ../src/pj/os_core_unix.c:1952
#6  0x000000000040651c in main (argc=16, argv=0x7fffffffe168)
    at ../src/pjsua/main.c:129
(gdb) p call->inv
$1 = (pjsip_inv_session *) 0x0

Checking call->inv for NULL on pjsua_call.c:2370 seems to prevent the crash,
but I'm not sure this is the correct fix.

Br,

/Håkan


Visit our blog: http://blog.pjsip.org

pjsip mailing list
pjsip@lists.pjsip.org
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
