[PATCH] pjmedia_sdp_neg_modify_local_offer2() causes a segmentation fault.

SK
Sung-tae Kim
Wed, Feb 19, 2020 11:27 AM

Hi,

This happened in Asterisk, but it looks like pjsip has the actual problem.

Could you please take a look at this?

When pjsip tries to send a re-INVITE for an established session, it calls
pjsip_inv_reinvite().
But at the moment, if the session's SDP is empty (NULL), it crashes.

[Current thread is 1 (Thread 0x7fe7aff82700 (LWP 32629))]
(gdb)
(gdb) where
#0  0x00007fe87fa6c0c2 in pj_strdup (pool=0x7fe7509ef1e0,
dst=0x7fe76d5fca18, src=0x0) at ../include/pj/string_i.h:40
#1  0x00007fe87fa15e84 in pjmedia_sdp_neg_modify_local_offer2
(pool=0x7fe7509ef1e0, neg=0x7fe76da058c0, flags=1, local=0x7fe76dc558a8) at
../src/pjmedia/sdp_neg.c:336
#2  0x00007fe87f9928b0 in pjsip_inv_reinvite (inv=0x7fe76d9551e8,
new_contact=0x0, new_offer=0x7fe76dc558a8, p_tdata=0x7fe7aff81ba0) at
../src/pjsip-ua/sip_inv.c:3004
#3  0x00007fe821af5c6c in ast_sip_session_refresh (session=0x7fe76dbbb290,
on_request_creation=0x0, on_sdp_creation=0x0, on_response=0x7fe80a9028ae
<on_topology_change_response>,
method=AST_SIP_SESSION_REFRESH_METHOD_INVITE, generate_new_sdp=1,
media_state=0x7fe834cfa590) at res_pjsip_session.c:1750
#4  0x00007fe821af443b in send_delayed_request (session=0x7fe76dbbb290,
delay=0x7fe7ee8f97d0) at res_pjsip_session.c:1238
#5  0x00007fe821af479d in invite_terminated (vsession=0x7fe76dbbb290) at
res_pjsip_session.c:1337
#6  0x00005582959ce79e in ast_taskprocessor_execute (tps=0x7fe76d9174c0) at
taskprocessor.c:1185
#7  0x00005582959d808e in execute_tasks (data=0x7fe76d9174c0) at
threadpool.c:1354
#8  0x00005582959ce79e in ast_taskprocessor_execute (tps=0x558298a5ad80) at
taskprocessor.c:1185
#9  0x00005582959d5c41 in threadpool_execute (pool=0x558298a55c30) at
threadpool.c:367
#10 0x00005582959d78c0 in worker_active (worker=0x7fe7db36acc0) at
threadpool.c:1137
#11 0x00005582959d7630 in worker_start (arg=0x7fe7db36acc0) at
threadpool.c:1056
#12 0x00005582959e0fd0 in dummy_start (data=0x7fe7db36ad80) at utils.c:1249
#13 0x00007fe87e0fe4a4 in start_thread (arg=0x7fe7aff82700) at
pthread_create.c:456
#14 0x00007fe87c9bfd0f in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:97
(gdb) frame 1
#1  0x00007fe87fa15e84 in pjmedia_sdp_neg_modify_local_offer2
(pool=0x7fe7509ef1e0, neg=0x7fe76da058c0, flags=1, local=0x7fe76dc558a8) at
../src/pjmedia/sdp_neg.c:336
336    pj_strdup(pool, &new_offer->origin.user, &old_offer->origin.user);
(gdb) list
331    /* RFC 3264 Section 8: When issuing an offer that modifies the session,
332    * the "o=" line of the new SDP MUST be identical to that in the
333    * previous SDP, except that the version in the origin field MUST
334    * increment by one from the previous SDP.
335    */
336    pj_strdup(pool, &new_offer->origin.user, &old_offer->origin.user);
337    new_offer->origin.id = old_offer->origin.id;
338
339    pj_strdup(pool, &new_offer->origin.net_type, &old_offer->origin.net_type);
340    pj_strdup(pool, &new_offer->origin.addr_type, &old_offer->origin.addr_type);
(gdb) p *neg
$2 = {
state = PJMEDIA_SDP_NEG_STATE_LOCAL_OFFER,
prefer_remote_codec_order = 0,
answer_with_multiple_codecs = 1,
has_remote_answer = 0,
answer_was_remote = 1,
initial_sdp = 0x0,
initial_sdp_tmp = 0x0,
active_local_sdp = 0x0,
active_remote_sdp = 0x0,
neg_local_sdp = 0x0,
neg_remote_sdp = 0x0
}

Thank you.

Kind regards,
Sungtae

NI
Nanang Izzuddin
Thu, Feb 20, 2020 8:47 AM

Hi Sungtae,

pjsip_inv_reinvite() only invokes pjmedia_sdp_neg_modify_local_offer2()
when the negotiator state is PJMEDIA_SDP_NEG_STATE_DONE, and in state
PJMEDIA_SDP_NEG_STATE_DONE active_local_sdp should never be NULL, so the
problem seems to be something else, e.g. memory being overwritten, not
pjmedia_sdp_neg_modify_local_offer2().

BR,
nanang

On Wed, Feb 19, 2020 at 6:28 PM Sung-tae Kim pchero21@gmail.com wrote:

Visit our blog: http://blog.pjsip.org

pjsip mailing list
pjsip@lists.pjsip.org
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
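The two messages together describe the precondition that frame 1 relies on: the negotiator must be in the DONE state, and in that state active_local_sdp must be non-NULL; the dump shows LOCAL_OFFER with every SDP pointer 0x0, and pj_strdup() then dereferences the NULL origin. The following is an added illustration, not pjsip or Asterisk code: the types are constructed stand-ins for the pjmedia structs (fixed char arrays instead of pool-backed pj_str_t), and modify_local_offer() and reinvite_version_demo() are hypothetical names. It applies the RFC 3264 section 8 origin rule from the listing while turning both precondition violations into error codes instead of a crash.

```c
#include <stddef.h>
#include <string.h>
/* Constructed stand-ins for the pjmedia types in the trace; not pjmedia's
 * own definitions (those use pool-allocated pj_str_t fields). */
enum neg_state { NEG_STATE_NULL, NEG_STATE_LOCAL_OFFER, NEG_STATE_DONE };

struct sdp_origin {
    char user[32];
    unsigned long id;
    unsigned long version;
    char net_type[8], addr_type[8], addr[64];
};

struct sdp_session { struct sdp_origin origin; };

struct sdp_neg {
    enum neg_state state;
    struct sdp_session *active_local_sdp;   /* 0x0 in the gdb dump above */
};

enum { MOD_OK = 0, MOD_EINVAL = -1, MOD_EWRONGSTATE = -2, MOD_ENOACTIVE = -3 };
/* RFC 3264 section 8: the new offer's "o=" line is copied from the previous
 * SDP and only the version increments. Both preconditions frame 1 assumed
 * are checked, so a negotiator with no active local SDP gets an error code. */
int modify_local_offer(struct sdp_neg *neg, struct sdp_session *new_offer)
{
    if (neg == NULL || new_offer == NULL)
        return MOD_EINVAL;
    if (neg->state != NEG_STATE_DONE)        /* only state an offer may be modified in */
        return MOD_EWRONGSTATE;
    if (neg->active_local_sdp == NULL)       /* the exact input that crashed */
        return MOD_ENOACTIVE;

    new_offer->origin = neg->active_local_sdp->origin;   /* user, id, net/addr type, addr */
    new_offer->origin.version += 1;
    return MOD_OK;
}

/* Constructed happy path: a DONE negotiator whose active local SDP is at
 * version 5; returns the version the re-INVITE offer ends up with (6). */
unsigned long reinvite_version_demo(void)
{
    struct sdp_session old = { { "-", 3724394400UL, 5, "IN", "IP4", "192.0.2.10" } };
    struct sdp_session fresh;
    struct sdp_neg neg = { NEG_STATE_DONE, &old };

    memset(&fresh, 0, sizeof fresh);
    return modify_local_offer(&neg, &fresh) == MOD_OK ? fresh.origin.version : 0;
}
```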
