Hello,
I believe I've found a null pointer dereference in pjsua, when terminating a call while trying to connect to a turn server that does not respond.
To reproduce:
Compile pjsip for linux x86_64 (./configure && make && cd pjsip-apps/bin)
Start pjsua with turn enabled, using a bogus ip to represent a turn server that does not currently respond, and call any ip:
gdb --args ./pjsua-x86_64-unknown-linux-gnu --use-ice --use-turn --turn-srv 8.8.8.8:12345 --turn-user na --turn-passwd na --playback-dev=1 --capture-dev=1 --id sip:localhost --app-log-level=6 --no-cli-console --duration=10
press m, enter sip:4.4.4.4
press h
...
Program received signal SIGSEGV, Segmentation fault.
0x0000000000429047 in pjsua_call_hangup (call_id=2, code=0, reason=0x0,
msg_data=0x0) at ../src/pjsua-lib/pjsua_call.c:2370
2370 if (call->inv->role == PJSIP_ROLE_UAS)
(gdb) bt
#0 0x0000000000429047 in pjsua_call_hangup (call_id=2, code=0, reason=0x0,
msg_data=0x0) at ../src/pjsua-lib/pjsua_call.c:2370
#1 0x0000000000418115 in ui_hangup_call (menuin=0x7fffffffdf00 "h\n")
at ../src/pjsua/pjsua_app_legacy.c:831
#2 0x0000000000419f5d in legacy_main ()
at ../src/pjsua/pjsua_app_legacy.c:1765
#3 0x0000000000409fa8 in pjsua_app_run (wait_telnet_cli=1)
at ../src/pjsua/pjsua_app.c:1945
#4 0x00000000004064a6 in main_func (argc=16, argv=0x7fffffffe168)
at ../src/pjsua/main.c:110
#5 0x00000000005c2998 in pj_run_app (main_func=0x406429 <main_func>, argc=16,
argv=0x7fffffffe168, flags=0) at ../src/pj/os_core_unix.c:1952
#6 0x000000000040651c in main (argc=16, argv=0x7fffffffe168)
at ../src/pjsua/main.c:129
(gdb) p call->inv
$1 = (pjsip_inv_session *) 0x0
Checking call->inv for NULL on pjsua_call.c:2370 seems to prevent the crash, but I'm not sure this is the correct fix.
Br,
/Håkan
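
An added example, not part of the original report and not pjsip code: a minimal C model of the state in the backtrace (call slot in use, session pointer still NULL) with a hangup path that checks the pointer and defers the hangup until media setup finishes. All type and function names are hypothetical, and it assumes the session stays NULL while the TURN server is unanswered.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the pjsua structures; not the real API. */
enum role { ROLE_UAC, ROLE_UAS };
enum status { ST_OK = 0, ST_DEFERRED = 1, ST_NO_CALL = -1 };

struct inv_session { enum role role; int disconnected; };

struct call {
    int in_use;               /* slot allocated when the call was placed */
    int media_pending;        /* assumption: TURN/ICE setup still running */
    int hangup_requested;     /* hangup arrived before a session existed */
    struct inv_session *inv;  /* NULL until media setup completes */
};

/* Guarded hangup: never dereferences c->inv without checking it. */
static enum status call_hangup(struct call *c)
{
    if (c == NULL || !c->in_use)
        return ST_NO_CALL;
    if (c->inv == NULL) {
        if (c->media_pending) {        /* the state seen in the crash */
            c->hangup_requested = 1;   /* finish in the completion callback */
            return ST_DEFERRED;
        }
        c->in_use = 0;                 /* nothing was ever set up */
        return ST_OK;
    }
    c->inv->disconnected = 1;          /* normal path: session exists */
    c->in_use = 0;
    return ST_OK;
}

/* Media-setup completion: honours a hangup requested in the meantime. */
static enum status on_media_ready(struct call *c, struct inv_session *inv)
{
    c->media_pending = 0;
    if (c->hangup_requested) {         /* release the slot, attach nothing */
        c->in_use = 0;
        return ST_NO_CALL;
    }
    inv->role = ROLE_UAC;
    c->inv = inv;
    return ST_OK;
}

int main(void)
{
    struct call c = { 1, 1, 0, NULL }; /* constructed: call placed, TURN silent */
    printf("hangup while pending -> %d\n", call_hangup(&c));
    return 0;
}
```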