Summary:ASTERISK-12529: crash related to ast_rtp_new_source
Reporter:pj (pj)Labels:
Date Opened:2008-08-06 02:40:04Date Closed:2008-08-06 10:50:17
Versions:Frequency of
Description:Random crashes after upgrading from 1.4.17 do
After investigating this issue, we found that source of this crash is similar to bugreport ASTERISK-1259669
To avoid crashes in chan_h323, we add similar check for existence of RTP structure before calling ast_rtp_new_source()
Seems, that source of both issues (chan_skinny before and chan_h323 now) is in svn commit r106235. So maybe other channels affected by this commit potentially can be still cause of another crashes.


debug from coredump (from optimized build

(gdb) bt
#0  0x080c38c2 in ast_rtp_new_source ()
#1  0x2ba66296 in set_dtmf_payload (call_reference=134725287, token=0x8224880 " 5+(\"\bO\022\b\235L\"\bL\"\bO\022\bO\022\bO\022\b\220L\"\b",
   payload=20) at chan_h323.c:1542
#2  0x553f52dc in ?? ()

#0  0x080c38c2 in ast_rtp_new_source ()
#1  0x2a24e296 in set_dtmf_payload (call_reference=134725287, token=0x822dd40 " (*-\"\bO\022\b^\"\b~\"\bO\022\bO\022\bO\022\bP\"\b",
   payload=20) at chan_h323.c:1542
#2  0x59ff52dc in ?? ()

#0  0x080c38c2 in ast_rtp_new_source ()
#1  0x2bc9a296 in set_dtmf_payload (call_reference=134725287, token=0x823fee0 " u+x\"\bO\022\bn\"\bn\"\bO\022\bO\022\bO\022\bn\"\b",
   payload=20) at chan_h323.c:1542
#2  0x5affa76c in ?? ()
Comments:By: Digium Subversion (svnbot) 2008-08-06 10:50:16

Repository: asterisk
Revision: 136062

U   branches/1.4/channels/chan_skinny.c
U   branches/1.4/main/rtp.c

r136062 | mmichelson | 2008-08-06 10:50:15 -0500 (Wed, 06 Aug 2008) | 16 lines

Since adding the AST_CONTROL_SRCUPDATE frame type,
there are places where ast_rtp_new_source may be called
where the tech_pvt of a channel may not yet have an
rtp structure allocated. This caused a crash in chan_skinny,
which was fixed earlier, but now the same crash has been
reported against chan_h323 as well. It seems that the best
solution is to modify ast_rtp_new_source to not attempt to
set the marker bit if the rtp structure passed in is NULL.

This change to ast_rtp_new_source also allows the removal
of what is now a redundant pointer check from chan_skinny.

(closes issue ASTERISK-12529)
Reported by: pj