| Summary: | ASTERISK-11696: Receiving RTP PDUs crashes Asterisk core | ||
| Reporter: | Michael_qq12345 (qq12345) | Labels: | |
| Date Opened: | 2008-03-21 11:24:56 | Date Closed: | 2011-06-07 14:00:53 |
| Priority: | Critical | Regression? | No |
| Status: | Closed/Complete | Components: | Core/General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | I use app_rtsp from fontventa to reproduce this issue. Since mid of december asterisk crashes regularly when receiving a video stream. Crash is independent of the channel: chan_sip, chan_local, chan_misdn crashing all the core. It is an issue of asterisk, because the place of the crash changed this week after the release of the RTP/RTSP security fixes. Additional hint is the completely different malloc'ed adress in the crash. The content of the stream (mpeg-4 video, h263 video, and/or ulaw, AMR) are out of scope. The crash is always. After the notification "*** glibc detected *** asterisk: malloc(): memory corruption: 0x082e8300 ***" the application behaves like dead. mISDN 1.2 or mISDN 1.1.7 are out of scope. ****** ADDITIONAL INFORMATION ****** [Mar 21 17:19:49] DEBUG[14514]: chan_sip.c:3866 do_setnat: Setting NAT on RTP to On [Mar 21 17:19:49] DEBUG[14514]: chan_sip.c:3870 do_setnat: Setting NAT on VRTP to On [Mar 21 17:19:49] DEBUG[14514]: chan_sip.c:16416 handle_request_invite: Checking SIP call limits for device 102 [Mar 21 17:19:49] DEBUG[14514]: chan_sip.c:2532 __sip_xmit: Trying to put 'SIP/2.0 10' onto UDP socket destined for 192.168.201.50 [Mar 21 17:19:49] DEBUG[14514]: sched.c:338 ast_sched_runq: ast_sched_runq() [Mar 21 17:19:49] DEBUG[14514]: sched.c:146 ast_sched_wait: ast_sched_wait() [Mar 21 17:19:49] DEBUG[14514]: pbx.c:2764 pbx_extension_helper: Launching 'Answer' -- Executing [333@sip-context:1] Answer("SIP/102-082dd9a8", "") in new stack [Mar 21 17:19:49] DEBUG[14514]: chan_sip.c:4892 sip_answer: SIP answering channel: SIP/102-082dd9a8 [Mar 21 17:19:49] DEBUG[14514]: chan_sip.c:8343 transmit_response_with_sdp: Setting framing from config on incoming call [Mar 21 17:19:49] DEBUG[14514]: chan_sip.c:8053 add_sdp: ** Our capability: 0x18040c (ulaw|alaw|ilbc|h263|h263p) Video flag: False Text flag: True [Mar 21 17:19:49] DEBUG[14514]: chan_sip.c:8054 add_sdp: ** Our prefcodec: 0x0 (nothing) [Mar 21 17:19:49] DEBUG[14514]: sched.c:219 ast_sched_add_variable: ast_sched_add() [Mar 21 17:19:49] DEBUG[14514]: chan_sip.c:2532 __sip_xmit: Trying to put 'SIP/2.0 20' onto UDP socket destined for 192.168.201.50 [Mar 21 17:19:49] DEBUG[14514]: pbx.c:2764 pbx_extension_helper: Launching 'rtsp' -- Executing [333@sip-context:2] rtsp("SIP/102-082dd9a8", "rtsp://132.176.185.251/test_h263_1998_hinted.3gp") in new stack *** glibc detected *** asterisk: malloc(): memory corruption: 0x082e8300 *** | ||
| Comments: | By: Joshua C. Colp (jcolp) 2008-03-21 13:53:09 Please reproduce this using only in-tree modules and attach a backtrace. By: Michael_qq12345 (qq12345) 2008-03-21 15:13:39 Hi Experts, may I stupid Developer kindly ask, what do you mean with in-tree modules? Modules in the svn/asterisk branch only? May I ask You, how can I force turning the message: "*** glibc detected *** asterisk: malloc(): memory corruption: 0x082e8300 ***" into a core dump? Currently the message looks for me, that GCC's internal stack and heap checks throw this message. Can I enforce GCC to dump a core instead of proceeding? Thanks for any response, Michael By: Joshua C. Colp (jcolp) 2008-03-21 15:25:04 Correct. This has to be reproduced without using app_rtsp. The memory detection stuff can be disabled by typing export MALLOC_CHECK_=0 before starting Asterisk. By: Jason Parker (jparker) 2008-04-01 14:05:26 Please reopen if you can reproduce without app_rtsp. | ||