
Summary: ASTERISK-18719: res_jabber segfault when using function JABBER_RECEIVE with no message (as when receiving buddy typing notifications)
Reporter: Jonathan Rose (jrose)
Labels:
Date Opened: 2011-08-24 16:31:51
Date Closed: 2011-11-07 10:06:30.000-0600
Priority: Critical
Regression?
Status: Closed/Complete
Components: Resources/res_jabber
Versions: 1.8.3
Frequency of Occurrence: Constant
Related Issues:
Environment: Ubuntu 10.04
Attachments: ( 0) backtrace
( 1) bug1.patch

Description:
This affects all releases of Asterisk 1.8 on my machine and trunk as well.


Assume the following in jabber.conf being the only thing worth mentioning:
[google]
type=client
serverhost=talk.google.com
username=jrosedigium@gmail.com
secret=tiaMat13
usetls=yes
usesasl=yes
statusmessage="Moriarty"

And assume the following relevant stuff in extensions.conf:
exten => coldness,1,NoOp(Jabber Google Test)
exten => coldness,n,Answer()
exten => coldness,n,Set(OPTION=${JABBER_RECEIVE(google,jrosedigium2@gmail.com,6000)})
exten => coldness,n,NoOp(google replied with: ${OPTION})


I dial coldness on a sip peer and start typing on jrosedigium2@gmail.com using pidgin. Asterisk gets a message from my typing visible with jabber debug and immediately crashes with a segfault from trying to use ast_strdupa on a null string.

Bypassing that via code override, it crashes when trying to perform a string copy on a similar string.

Bypassing that, the set function ends with a blank string.

Ideal behavior would be for this function to ignore blank jabber messages, since all those are for is typing indications like the ones some of us use to pretend to be psychic.

Attached is a backtrace of the most common failure mode. The actual modes of failure were somewhat elaborate and I even encountered a number of times where the segfault didn't occur (though it does occur more than 90% of the time as described). I suspect locking may be involved, but couldn't get any useful lock data with debug threads.
Comments:

By: Jonathan Rose (jrose) 2011-08-24 16:57:32.754-0500

Here's a pretty quick patch I came up with for this one that works. Not 100% sure if it should be able to get this far on a blank message at all though.

By: Jonathan Rose (jrose) 2011-11-07 10:06:30.566-0600

No longer seems reproducible.