| Summary: | ASTERISK-12529: crash related to ast_rtp_new_source | ||
| Reporter: | pj (pj) | Labels: | |
| Date Opened: | 2008-08-06 02:40:04 | Date Closed: | 2008-08-06 10:50:17 |
| Priority: | Critical | Regression? | No |
| Status: | Closed/Complete | Components: | Channels/chan_h323 |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | Random crashes after upgrading from 1.4.17 do 1.4.21.2 After investigating this issue, we found that source of this crash is similar to bugreport ASTERISK-1259669 To avoid crashes in chan_h323, we add similar check for existence of RTP structure before calling ast_rtp_new_source() Seems, that source of both issues (chan_skinny before and chan_h323 now) is in svn commit r106235. So maybe other channels affected by this commit potentially can be still cause of another crashes. ****** ADDITIONAL INFORMATION ****** debug from coredump (from optimized build 1.4.21.1) (gdb) bt #0 0x080c38c2 in ast_rtp_new_source () #1 0x2ba66296 in set_dtmf_payload (call_reference=134725287, token=0x8224880 " 5+(\"\bO\022\b\235L\"\bL\"\bO\022\bO\022\bO\022\b\220L\"\b", payload=20) at chan_h323.c:1542 #2 0x553f52dc in ?? () #0 0x080c38c2 in ast_rtp_new_source () #1 0x2a24e296 in set_dtmf_payload (call_reference=134725287, token=0x822dd40 " (*-\"\bO\022\b^\"\b~\"\bO\022\bO\022\bO\022\bP\"\b", payload=20) at chan_h323.c:1542 #2 0x59ff52dc in ?? () #0 0x080c38c2 in ast_rtp_new_source () #1 0x2bc9a296 in set_dtmf_payload (call_reference=134725287, token=0x823fee0 " u+x\"\bO\022\bn\"\bn\"\bO\022\bO\022\bO\022\bn\"\b", payload=20) at chan_h323.c:1542 #2 0x5affa76c in ?? () | ||
| Comments: | By: Digium Subversion (svnbot) 2008-08-06 10:50:16 Repository: asterisk Revision: 136062 U branches/1.4/channels/chan_skinny.c U branches/1.4/main/rtp.c ------------------------------------------------------------------------ r136062 | mmichelson | 2008-08-06 10:50:15 -0500 (Wed, 06 Aug 2008) | 16 lines Since adding the AST_CONTROL_SRCUPDATE frame type, there are places where ast_rtp_new_source may be called where the tech_pvt of a channel may not yet have an rtp structure allocated. This caused a crash in chan_skinny, which was fixed earlier, but now the same crash has been reported against chan_h323 as well. It seems that the best solution is to modify ast_rtp_new_source to not attempt to set the marker bit if the rtp structure passed in is NULL. This change to ast_rtp_new_source also allows the removal of what is now a redundant pointer check from chan_skinny. (closes issue ASTERISK-12529) Reported by: pj ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=136062 | ||