Summary: | ASTERISK-07560: [patch] Jingle channel dial attempt causes Asterisk to segmentation fault | ||
Reporter: | muppetmaster (muppetmaster) | Labels: | |
Date Opened: | 2006-08-19 14:45:09 | Date Closed: | 2007-02-20 20:05:28.000-0600 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_jingle |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) asterisk-gtalk-nofreeafteralloca.patch.txt ( 1) asterisk-gtalk-null.patch.txt ( 2) btfull2.txt ( 3) chan_gtalk_free_fix.patch.txt ( 4) jabber.conf ( 5) jingle.conf ( 6) jinglediff.txt ( 7) M7764.txt ( 8) twilson-indent.diff | |
Description: | When a call is attempted via the Jingle channel the SVN TRUNK version throws a segmentation fault.

****** ADDITIONAL INFORMATION ******

- CLI Output running safe_asterisk
---
    -- Executing [912@test_jingle:1] JabberSend("SIP/xlite-081e3c78", "asterisk|realadd@gmail.com|I am trying to call you via the Asterisk Jingle implementation to Gtalk - This message sent from Asterisk") in new stack
[Aug 19 21:39:15] WARNING[1216]: res_jabber.c:1287 ast_aji_send: JABBER: Not connected can't send
    -- Executing [912@test_jingle:2] Dial("SIP/xlite-081e3c78", "Jingle/asterisk/realadd@gmail.com") in new stack
BCNLLULL*CLI>
Disconnected from Asterisk server
me@BCNLLULL:~$ /usr/sbin/safe_asterisk: line 111: 1179 Segmentation fault (core dumped) nice -n $PRIORITY ${ASTSBINDIR}/asterisk ${CLIARGS} ${ASTARGS} >&/dev/${TTY} </dev/${TTY}
Asterisk ended with exit status 139
Asterisk exited on signal 11.
---

- bt full
---
#0  0xb727a2dc in jingle_alloc (client=0x81a46c8, from=0xb6d65fc9 "realadd@gmail.com", sid=0x0) at chan_jingle.c:706
706             resources = client->buddy->resources;
(gdb) bt full
#0  0xb727a2dc in jingle_alloc (client=0x81a46c8, from=0xb6d65fc9 "realadd@gmail.com", sid=0x0) at chan_jingle.c:706
        tmp = <value optimized out>
        resources = <value optimized out>
        __PRETTY_FUNCTION__ = "jingle_alloc"
#1  0xb727a5c7 in jingle_request (type=0xb6d660b0 "Jingle", format=4, data=0xb6d66dd4, cause=0xb6d66eec) at chan_jingle.c:1373
        __r0 = 47 '/'
        p = <value optimized out>
        client = (struct jingle *) 0x0
        sender = 0xb6d65fc0 "asterisk"
        to = 0xb6d65fc9 "realadd@gmail.com"
        s = 0x0
        chan = <value optimized out>
        __PRETTY_FUNCTION__ = "jingle_request"
#2  0x080656e1 in ast_request (type=0xb6d660b0 "Jingle", format=4, data=0x0, cause=0xb6d66eec) at channel.c:2720
        chan = (struct chanlist *) 0x81a3720
        c = <value optimized out>
        capabilities = 4
        fmt = 4
        res = <value optimized out>
        foo = 102608
        videoformat = 4
        __PRETTY_FUNCTION__ = "ast_request"
#3  0xb6f44576 in dial_exec_full (chan=0x8165f00, data=<value optimized out>, peerflags=0xb6d66f24) at app_dial.c:1074
        __r0 = 47 '/'
        res = -1
        u = (struct localuser *) 0x8166388
        rest = 0x0
        cur = <value optimized out>
        outgoing = (struct dial_localuser *) 0x0
        peer = <value optimized out>
        to = <value optimized out>
        numbusy = 0
        numcongestion = 0
        numnochan = 0
        cause = 0
        privdb_val = 0
        calldurationlimit = 0
        timelimit = 0
        play_warning = 0
        warning_freq = 0
        warning_sound = 0x0
        end_sound = 0x0
        start_sound = 0x0
        dtmfcalled = 0x0
        dtmfcalling = 0x0
        play_to_caller = 0
        play_to_callee = 0
        sentringing = <value optimized out>
        moh = <value optimized out>
        outbound_group = 0x0
        result = <value optimized out>
        start_time = <value optimized out>
        opermode = 0
        args = {argc = 1, argv = 0xb6d66ebc, peers = 0xb6d660b0 "Jingle", timeout = 0x0, options = 0x0, url = 0x0}
        opts = {flags = 0}
        __PRETTY_FUNCTION__ = "dial_exec_full"
#4  0xb6f4950b in dial_exec (chan=0x0, data=0x65000000) at app_dial.c:1645
        peerflags = {flags = 0}
#5  0x0807c9fe in pbx_extension_helper (c=0x8165f00, con=<value optimized out>, context=0x8166080 "test_jingle", exten=0x81660d0 "912", priority=2, label=0x0, callerid=0x8165888 "5678", action=E_SPAWN) at pbx.c:505
        e = <value optimized out>
        app = (struct ast_app *) 0x81b2e30
        res = <value optimized out>
        q = {incstack = {0x0 <repeats 128 times>}, stacklen = 0, status = 5, swo = 0x0, data = 0x0, foundcontext = 0x8166080 "test_jingle"}
        passdata = "Jingle/asterisk/realadd@gmail.com", '\0' <repeats 8155 times>
        matching_action = 0
        __PRETTY_FUNCTION__ = "pbx_extension_helper"
#6  0x0807dd02 in __ast_pbx_run (c=0x8165f00) at pbx.c:2158
        pos = 0
        digit = <value optimized out>
        found = 1
        res = 0
        __PRETTY_FUNCTION__ = "__ast_pbx_run"
#7  0x0807ea1e in pbx_thread (data=0x0) at pbx.c:2469
No locals.
#8  0x080c0490 in dummy_start (data=0x0) at utils.c:538
        _buffer = {__routine = 0x80af2f0 <ast_unregister_thread>, __arg = 0xb6d6dbb0, __canceltype = 0, __prev = 0x0}
        ret = <value optimized out>
#9  0xb7f36341 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#10 0xb7e544ee in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
--- | ||
Comments: |

By: Clod Patry (junky) 2006-08-19 20:44:07

muppetmaster: try that patch and let me know how it goes for ya.

By: muppetmaster (muppetmaster) 2006-08-20 03:04:57

I patched, recompiled and installed. Ran the same test with the same output on the CLI, and received another seg fault. I have attached the bt as 'btfull2.txt'.

By: Anthony LaMantia (alamantia) 2006-09-11 11:48:16

Was asterisk built with DONT OPTIMIZE checked in menuselect (which is located in the COMPILER FLAGS section of menuselect)? If not, you will need to rebuild Asterisk and provide new bt's. Thanks.

By: Anthony LaMantia (alamantia) 2006-09-15 05:55:38

Please try using the patch I've just uploaded.

By: Anthony LaMantia (alamantia) 2006-09-19 15:59:50

Hello, the latest revision as the trunk version of asterisk has a suite of improvements dealing with gtalk integration (a new chan_gtalk) among other things. Is there any way you can see if this problem is still an issue for you when using the latest gtalk implementation?

By: Anthony LaMantia (alamantia) 2006-09-26 16:37:16

muppetmaster, any updates?

By: rdlang (rdlang) 2006-10-01 18:17:39

Seems to be (at least) related to the bug I submitted: 8041

By: Matt O'Gorman (mogorman) 2006-10-03 17:37:28

Can you try this with the latest chan_gtalk in trunk or branch 1.4? You can also reach me at mogorman@digium.com over email or jabber.

By: rdlang (rdlang) 2006-10-05 17:18:07

At the request of mogorman I have added some extra debug_log lines to the file chan_gtalk.c at function gtalk_pvt. This led to the discovery that it crashes at ' resources = buddy->resources; ' (line 842) just after ' if (buddy) '.

mogorman told me: it is an issue relating to guest buddy and probably relating to dereferencing a null pointer in resources.

He also told me that there is an option in gtalk to allow dialing of guest users not defined in config file. That is what it appeared to be doing.

By: rdlang (rdlang) 2006-10-09 15:01:54

Also happens with normal buddies, so seems not to be limited to guest accounts.

By: Terry Wilson (twilson) 2006-10-10 20:15:01

Patch uploaded that fixes the segfault for me. ast_strdupa uses alloca which doesn't need to be free()'d (if I'm reading the man pages right). Oh, and disclaimer on file, etc.

By: Matt O'Gorman (mogorman) 2006-10-12 15:35:41

serge-v you do need to free said memory, however you should probably use it before you do so ^_^.

By: Matt O'Gorman (mogorman) 2006-10-12 15:36:05

Fixed in latest 1.4 and in 30 seconds trunk.

By: Terry Wilson (twilson) 2006-10-13 13:05:15

I hate to do this to you, but I get the exact same segfault with the current code that I did before--and nowhere else in the code (chan_sip.c, chan_iax2.c tested), do I see an ast_strdupa followed by a free... and removing the free fixes the issue... and from man alloca (which ast_strdupa uses):

    ALLOCA(3)          Linux Programmer's Manual          ALLOCA(3)

    NAME
        alloca - memory allocator

    SYNOPSIS
        #include <alloca.h>

        void *alloca(size_t size);

    DESCRIPTION
        The alloca() function allocates size bytes of space in the stack frame of the caller. This temporary space is automatically freed when the function that called alloca() returns to its caller.

By: Anthony LaMantia (alamantia) 2006-10-16 17:53:41

From the commenting inside of utils.h:

    /*!
      \brief duplicate a string in memory from the stack
      \param s The string to duplicate

      This macro will duplicate the given string. It returns a pointer to the stack
      allocatted memory for the new string.
    */
    #define ast_strdupa(s) \
        (__extension__ \
        ({ \
            const char *__old = (s); \
            size_t __len = strlen(__old) + 1; \
            char *__new = __builtin_alloca(__len); \
            memcpy (__new, __old, __len); \
            __new; \
        }))
    #endif

It seems like the returned value from this macro is not managed by ptmalloc/whatever the native malloc implementation is on the system and really would not have to be free()'d.

By: jmls (jmls) 2006-11-12 12:21:19.000-0600

Ping. Housekeeping. Where are we with this?

By: jaguiar (jaguiar) 2006-12-31 02:59:39.000-0600

I could reproduce this problem in 1.4.0 release. When I put or received a call I got a segmentation fault. I applied the twilson patch and the other patch and everything looks ok.

By: sailer (sailer) 2007-01-02 10:13:40.000-0600

I've uploaded two patches (I have a disclaimer on file):

- asterisk-gtalk-nofreeafteralloca.patch.txt removes all free's of alloca'ed pointers I could find. I haven't fixed constructs like x = alloca(...); if (x) {...} The if is useless, the return value of alloca (and friends like strdupa) can never be NULL, as memory gets allocated on the stack. If you exceed your stack limit, you get a segfault on first access instead.
- asterisk-gtalk-null.patch.txt prevents a segfault when trying to dial out. It's likely I configured the channel wrongly, but I find it more friendly to get "gtalk_alloc: no gtalk capable clients to talk to" instead of "segmentation fault".

NB: these patches are against 1.4.0, but trunk seems not to contain these fixes as well.

By: Jason Parker (jparker) 2007-02-20 20:05:26.000-0600

asterisk-gtalk-null.patch committed in svn 1.4 and trunk in revisions 55799 and 55805 (chan_gtalk and chan_jingle) in trunk. asterisk-gtalk-nofreeafteralloca.patch had already been fixed earlier today (rev 55555!). |
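
The two defects this thread converges on, the unchecked `client->buddy->resources` dereference and `free()` called on `ast_strdupa` memory, in corrected form as an added C example; it is not Asterisk code and not one of the attached patches. `stack_strdupa` is a local copy of the macro quoted above; the structs, `find_capable`, `split_dial_string` and the 255-byte input bound are hypothetical simplifications.

```c
#include <string.h>

/* Local copy of the macro quoted in the thread: the duplicate lives in the
 * calling function's stack frame and is released when that function returns. */
#define stack_strdupa(s) \
    (__extension__ ({ \
        const char *old_ = (s); \
        size_t len_ = strlen(old_) + 1; \
        char *new_ = __builtin_alloca(len_); \
        memcpy(new_, old_, len_); \
        new_; \
    }))

/* Hypothetical, simplified stand-ins for the roster structures. */
struct resource { const char *name; int capable; };
struct buddy    { struct resource *resources; size_t count; };
struct client   { struct buddy *buddy; };

/* Returns the first capable resource, or NULL (so the caller can log an
 * error) when the client, the buddy or the resource list is missing. */
const struct resource *find_capable(const struct client *c)
{
    if (!c || !c->buddy || !c->buddy->resources)
        return NULL;
    for (size_t i = 0; i < c->buddy->count; i++)
        if (c->buddy->resources[i].capable)
            return &c->buddy->resources[i];
    return NULL;
}

/* Splits "sender/to" using a stack duplicate and copies both parts into
 * caller-owned buffers of size cap. Returns 0 on success, -1 otherwise. */
int split_dial_string(const char *data, char *sender, char *to, size_t cap)
{
    /* alloca never returns NULL, so bound the input before using the stack. */
    if (!data || strlen(data) > 255)
        return -1;
    char *s = stack_strdupa(data);
    char *slash = strchr(s, '/');
    if (!slash || slash == s || slash[1] == '\0')
        return -1;
    *slash = '\0';
    if (strlen(s) >= cap || strlen(slash + 1) >= cap)
        return -1;
    strcpy(sender, s);
    strcpy(to, slash + 1);
    return 0; /* no free(s): returning from this function releases it */
}
```
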