Summary: ASTERISK-07560: [patch] Jingle channel dial attempt causes Asterisk to segmentation fault
Reporter: muppetmaster (muppetmaster)
Labels:
Date Opened: 2006-08-19 14:45:09
Date Closed: 2007-02-20 20:05:28.000-0600
Versions:
Environment:
Attachments:
( 0) asterisk-gtalk-nofreeafteralloca.patch.txt
( 1) asterisk-gtalk-null.patch.txt
( 2) btfull2.txt
( 3) chan_gtalk_free_fix.patch.txt
( 4) jabber.conf
( 5) jingle.conf
( 6) jinglediff.txt
( 7) M7764.txt
( 8) twilson-indent.diff
Description: When a call is attempted via the Jingle channel, the SVN trunk version throws a segmentation fault.


- CLI Output running safe_asterisk

   -- Executing [912@test_jingle:1] JabberSend("SIP/xlite-081e3c78", "asterisk|realadd@gmail.com|I am trying to call you via the Asterisk Jingle implementation to Gtalk - This message sent from Asterisk") in new stack
[Aug 19 21:39:15] WARNING[1216]: res_jabber.c:1287 ast_aji_send: JABBER: Not connected can't send
   -- Executing [912@test_jingle:2] Dial("SIP/xlite-081e3c78", "Jingle/asterisk/realadd@gmail.com") in new stack
Disconnected from Asterisk server
me@BCNLLULL:~$ /usr/sbin/safe_asterisk: line 111:  1179 Segmentation fault      (core dumped) nice -n $PRIORITY ${ASTSBINDIR}/asterisk ${CLIARGS} ${ASTARGS} >&/dev/${TTY} </dev/${TTY}
Asterisk ended with exit status 139
Asterisk exited on signal 11.

- bt full

#0  0xb727a2dc in jingle_alloc (client=0x81a46c8,
   from=0xb6d65fc9 "realadd@gmail.com", sid=0x0) at chan_jingle.c:706
706                             resources = client->buddy->resources;
(gdb) bt full
#0  0xb727a2dc in jingle_alloc (client=0x81a46c8,
   from=0xb6d65fc9 "realadd@gmail.com", sid=0x0) at chan_jingle.c:706
       tmp = <value optimized out>
       resources = <value optimized out>
       idroster = '\0' <repeats 180 times>, <uninitialized trailing bytes elided>
       __PRETTY_FUNCTION__ = "jingle_alloc"
#1  0xb727a5c7 in jingle_request (type=0xb6d660b0 "Jingle", format=4,
   data=0xb6d66dd4, cause=0xb6d66eec) at chan_jingle.c:1373
       __r0 = 47 '/'
       p = <value optimized out>
       client = (struct jingle *) 0x0
       sender = 0xb6d65fc0 "asterisk"
       to = 0xb6d65fc9 "realadd@gmail.com"
       s = 0x0
       chan = <value optimized out>
       __PRETTY_FUNCTION__ = "jingle_request"
#2  0x080656e1 in ast_request (type=0xb6d660b0 "Jingle", format=4, data=0x0,
   cause=0xb6d66eec) at channel.c:2720
       chan = (struct chanlist *) 0x81a3720
       c = <value optimized out>
       capabilities = 4
       fmt = 4
       res = <value optimized out>
       foo = 102608
       videoformat = 4
       __PRETTY_FUNCTION__ = "ast_request"
#3  0xb6f44576 in dial_exec_full (chan=0x8165f00, data=<value optimized out>,
   peerflags=0xb6d66f24) at app_dial.c:1074
       __r0 = 47 '/'
       res = -1
       u = (struct localuser *) 0x8166388
       rest = 0x0
       cur = <value optimized out>
       outgoing = (struct dial_localuser *) 0x0
       peer = <value optimized out>
       to = <value optimized out>
       numbusy = 0
       numcongestion = 0
       numnochan = 0
       cause = 0
       numsubst = "asterisk/realadd@gmail.com\000", <uninitialized trailing bytes elided>
       cidname = <uninitialized buffer contents elided>
       privdb_val = 0
       calldurationlimit = 0
       timelimit = 0
       play_warning = 0
       warning_freq = 0
       warning_sound = 0x0
       end_sound = 0x0
       start_sound = 0x0
       dtmfcalled = 0x0
       dtmfcalling = 0x0
       status = <uninitialized buffer contents elided>
       play_to_caller = 0
       play_to_callee = 0
       sentringing = <value optimized out>
       moh = <value optimized out>
       outbound_group = 0x0
       result = <value optimized out>
       start_time = <value optimized out>
       privintro = <uninitialized buffer contents elided>
       privcid = '\0' <repeats 208 times>, "1287", '\0' <repeats 24 times>, <uninitialized trailing bytes elided>
       opermode = 0
       args = {argc = 1, argv = 0xb6d66ebc, peers = 0xb6d660b0 "Jingle",
 timeout = 0x0, options = 0x0, url = 0x0}
       opts = {flags = 0}
       opt_args = {0x81081c4 "logger.c", 0x36f <Address 0x36f out of bounds>,
 0x81087f8 "ast_verbose", 0x811b553 "%s",
 0x8166464 "    -- Executing [912@test_jingle:2] \033[1;36;40mDial\033[0;37;40m (\"\033[1;35;40mSIP/xlite-081e3c78\033[0;37;40m\", \"\033[1;35;40mJingle/asterisk/eschalkwyk@gmail.com\033[0;37;40m\") in new stack\n",
 0xb6d66f28 <uninitialized bytes elided>, 0x80853a5 <uninitialized bytes elided>,
 0xb6d6d24c "\033[1;36;40mDial\033[0;37;40m",
 0x50 <Address 0x50 out of bounds>}
       __PRETTY_FUNCTION__ = "dial_exec_full"
#4  0xb6f4950b in dial_exec (chan=0x0, data=0x65000000) at app_dial.c:1645
       peerflags = {flags = 0}
#5  0x0807c9fe in pbx_extension_helper (c=0x8165f00,
   con=<value optimized out>, context=0x8166080 "test_jingle",
   exten=0x81660d0 "912", priority=2, label=0x0, callerid=0x8165888 "5678",
   action=E_SPAWN) at pbx.c:505
       e = <value optimized out>
       app = (struct ast_app *) 0x81b2e30
       res = <value optimized out>
       q = {incstack = {0x0 <repeats 128 times>}, stacklen = 0, status = 5,
 swo = 0x0, data = 0x0, foundcontext = 0x8166080 "test_jingle"}
       passdata = "Jingle/asterisk/realadd@gmail.com", '\0' <repeats 8155 times>
       matching_action = 0
       __PRETTY_FUNCTION__ = "pbx_extension_helper"
#6  0x0807dd02 in __ast_pbx_run (c=0x8165f00) at pbx.c:2158
       dst_exten = '\0' <repeats 108 times>, <uninitialized trailing bytes elided>
       pos = 0
       digit = <value optimized out>
       found = 1
       res = 0
       __PRETTY_FUNCTION__ = "__ast_pbx_run"
#7  0x0807ea1e in pbx_thread (data=0x0) at pbx.c:2469
No locals.
#8  0x080c0490 in dummy_start (data=0x0) at utils.c:538
       _buffer = {__routine = 0x80af2f0 <ast_unregister_thread>,
 __arg = 0xb6d6dbb0, __canceltype = 0, __prev = 0x0}
       ret = <value optimized out>
#9  0xb7f36341 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#10 0xb7e544ee in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.

Comments:

By: Clod Patry (junky) 2006-08-19 20:44:07

muppetmaster: try that patch and let me know how it goes for ya.

By: muppetmaster (muppetmaster) 2006-08-20 03:04:57

I patched, recompiled and installed.  Ran the same test with the same output on the CLI, and received another seg fault.  I have attached the bt as 'btfull2.txt'.

By: Anthony LaMantia (alamantia) 2006-09-11 11:48:16

Was Asterisk built with DONT OPTIMIZE checked in menuselect (which is located in the COMPILER FLAGS section of menuselect)? If not, you will need to rebuild Asterisk and provide new bt's. Thanks.

By: Anthony LaMantia (alamantia) 2006-09-15 05:55:38

Please try using the patch I've just uploaded.

By: Anthony LaMantia (alamantia) 2006-09-19 15:59:50

The latest revision of the trunk version of Asterisk has a suite of improvements dealing with gtalk integration (a new chan_gtalk), among other things.

Is there any way you can see if this problem is still an issue for you when using the latest gtalk implementation?

By: Anthony LaMantia (alamantia) 2006-09-26 16:37:16

muppetmaster, any updates?

By: rdlang (rdlang) 2006-10-01 18:17:39

Seems to be (at least) related to the bug I submitted: 8041

By: Matt O'Gorman (mogorman) 2006-10-03 17:37:28

Can you try this with the latest chan_gtalk in trunk or branch 1.4? You can also reach me at mogorman@digium.com over email or jabber.

By: rdlang (rdlang) 2006-10-05 17:18:07

At the request of mogorman I have added some extra debug_log lines to the file chan_gtalk.c at function gtalk_pvt. This led to the discovery that it crashes at 'resources = buddy->resources;' (line 842) just after 'if (buddy)'.

mogorman told me: it is an issue relating to guest buddy and probably relating to dereferencing a null pointer in resources.

He also told me that there is an option in gtalk to allow dialing of guest users not defined in the config file. That is what it appeared to be doing.

By: rdlang (rdlang) 2006-10-09 15:01:54

Also happens with normal buddies, so it seems not to be limited to guest accounts.

By: Terry Wilson (twilson) 2006-10-10 20:15:01

Patch uploaded that fixes the segfault for me.  ast_strdupa uses alloca which doesn't need to be free()'d (if I'm reading the man pages right).  Oh, and disclaimer on file, etc.

By: Matt O'Gorman (mogorman) 2006-10-12 15:35:41

serge-v you do need to free said memory, however you should probably use it before you do so ^_^.

By: Matt O'Gorman (mogorman) 2006-10-12 15:36:05

Fixed in latest 1.4 and, in 30 seconds, trunk.

By: Terry Wilson (twilson) 2006-10-13 13:05:15

I hate to do this to you, but I get the exact same segfault with the current code that I did before, and nowhere else in the code (chan_sip.c, chan_iax2.c tested) do I see an ast_strdupa followed by a free... and removing the free fixes the issue... and from man alloca (which ast_strdupa uses):

ALLOCA(3)                  Linux Programmer's Manual                 ALLOCA(3)

      alloca - memory allocator

      #include <alloca.h>

      void *alloca(size_t size);

      The  alloca() function allocates size bytes of space in the stack frame of the caller.  This temporary space is
      automatically freed when the function that called alloca() returns to its caller.

By: Anthony LaMantia (alamantia) 2006-10-16 17:53:41

From the commenting inside of utils.h:

 \brief duplicate a string in memory from the stack
 \param s The string to duplicate

 This macro will duplicate the given string.  It returns a pointer to the stack
 allocated memory for the new string.
#define ast_strdupa(s)                                                    \
(__extension__                                                    \
({                                                                \
const char *__old = (s);                                  \
size_t __len = strlen(__old) + 1;                         \
char *__new = __builtin_alloca(__len);                    \
memcpy (__new, __old, __len);                             \
__new;                                                    \
}))

It seems like the returned value from this macro is not managed by ptmalloc (or whatever the native malloc implementation is on the system) and really would not have to be free()'d.

By: jmls (jmls) 2006-11-12 12:21:19.000-0600

ping. housekeeping. where are we with this ?

By: jaguiar (jaguiar) 2006-12-31 02:59:39.000-0600

I could reproduce this problem in 1.4.0 release. When I put or received a call I got a segmentation fault. I applied the twilson patch and the other patch and everything looks ok.

By: sailer (sailer) 2007-01-02 10:13:40.000-0600

I've uploaded two patches (I have a disclaimer on file):
- asterisk-gtalk-nofreeafteralloca.patch.txt removes all frees of alloca'ed pointers I could find. I haven't fixed constructs like x = alloca(...); if (x) {...}. The if is useless: the return value of alloca (and friends like strdupa) can never be NULL, as memory gets allocated on the stack. If you exceed your stack limit, you get a segfault on first access instead.

- asterisk-gtalk-null.patch.txt prevents a segfault when trying to dial out. It's likely I configured the channel wrongly, but I find it more friendly to get "gtalk_alloc: no gtalk capable clients to talk to" instead of "segmentation fault".

NB: these patches are against 1.4.0, but trunk does not seem to contain these fixes either.
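As an added illustration of the two defects discussed in this thread (a free() of ast_strdupa/alloca memory, and a NULL client/buddy dereferenced on dial), here is a small C example written for this page; it is not code from the tracker attachments or from Asterisk. The stack_strdup macro mirrors the utils.h pattern quoted above; the client/buddy structures, the lookup table and resolve_sample are constructed stand-ins.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stack duplicate in the style of Asterisk's ast_strdupa: the storage comes
 * from __builtin_alloca and is released when the calling function returns,
 * so the result must never be passed to free(), and it can never be NULL,
 * so testing it for NULL is pointless. */
#define stack_strdup(s)                                  \
    (__extension__ ({                                    \
        const char *old_ = (s);                          \
        size_t len_ = strlen(old_) + 1;                  \
        char *new_ = __builtin_alloca(len_);             \
        memcpy(new_, old_, len_);                        \
        new_;                                            \
    }))

/* Constructed stand-ins for the client and buddy structures (not Asterisk's). */
struct buddy { const char *resources; };
struct client { const char *name; struct buddy *buddy; };

static struct buddy sample_buddy = { "gtalk-resource" };
static struct client sample_clients[] = {
    { "asterisk", &sample_buddy },   /* configured client with a buddy      */
    { "orphan",   NULL },            /* client whose buddy was never filled */
};

/* Resolve "client/peer" to "peer via resource". The copy of dest lives on
 * the stack, is consumed here and is never freed. A NULL client or buddy
 * is logged and reported instead of being dereferenced, which is what
 * crashed at "resources = client->buddy->resources". */
const char *resolve_sample(const char *dest)
{
    static char out[128];
    char *copy = stack_strdup(dest);             /* no free(copy), ever */
    char *peer = strchr(copy, '/');
    if (!peer)
        return NULL;
    *peer++ = '\0';
    struct client *c = NULL;
    for (size_t i = 0; i < sizeof sample_clients / sizeof *sample_clients; i++)
        if (strcmp(sample_clients[i].name, copy) == 0)
            c = &sample_clients[i];
    if (!c || !c->buddy) {                       /* the guard the crash lacked */
        fprintf(stderr, "resolve: no capable client/buddy for %s\n", copy);
        return NULL;
    }
    snprintf(out, sizeof out, "%s via %s", peer, c->buddy->resources);
    return out;
}
```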

By: Jason Parker (jparker) 2007-02-20 20:05:26.000-0600

asterisk-gtalk-null.patch committed in svn 1.4 and trunk in revisions 55799 and 55805 (chan_gtalk and chan_jingle) in trunk.

asterisk-gtalk-nofreeafteralloca.patch had already been fixed earlier today (rev 55555!).