Summary: ASTERISK-22061: crash - Dialing chan_gulp/pjsip with explicit SIP URI results in segfault in ast_sip_session_send_request_with_cb at res_sip_session.c
Reporter: Rusty Newton (rnewton)
Labels:
Date Opened: 2013-07-09 19:09:02
Date Closed: 2013-07-16 14:14:04
Versions: SVN
Frequency of
Environment: SVN-trunk-r393816
Attachments: ( 0) ASTERISK-22061.patch
( 1) backtrace.txt
( 2) full.txt
( 3) res_sip.txt
Description: Dialing from trunk/res_sip to 1.8/chan_sip

Dialing like:

exten => _9NXXNXXXXXX,1,Dial(GULP/rustytel/sip:${EXTEN:1}@

Results in the attached trace and debug.
Comments:
By: Mark Michelson (mmichelson) 2013-07-10 08:40:15.651-0500

The reason for the crash is pretty clear. Looks like we're calling ast_sip_session_send_request() with a NULL pointer (i.e. no actual request). The simple reason for why that's happening is that the call to create the request is failing and we aren't checking for failure. What's more important is why the call to create the request is failing. I believe the code you're hitting was put there with reinvites in mind rather than the initial INVITE. I believe that if I were to add an additional check to make sure that we aren't dealing with the initial INVITE, then things will work as expected. I'll prepare a patch!

By: Mark Michelson (mmichelson) 2013-07-10 08:46:08.213-0500

I've attached a patch. Assuming it works properly, the actual commit will include checking pjsip_inv_end_session() for failure in addition to what is in the patch.

By: Rusty Newton (rnewton) 2013-07-10 14:12:01.944-0500

Just tested the patch, the same dial works, with no crash!  Thanks.
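
An added illustration of the defect pattern described in the first comment, not the attached patch and not Asterisk or PJSIP code: a request-creation call whose failure goes unchecked, beside a checked form. All names are hypothetical, and the reason creation fails is an assumption of this model.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model; none of these names are Asterisk or PJSIP APIs. */
enum dialog_state { DIALOG_INITIAL, DIALOG_CONFIRMED };
struct request { char method[16]; };
struct session { enum dialog_state state; int fail_alloc; int sent; struct request buf; };

/* Assumption: creation fails (returns NULL) while the initial INVITE is
 * still pending, or when an allocation fails. */
static struct request *create_request(struct session *s)
{
    if (s->state != DIALOG_CONFIRMED || s->fail_alloc)
        return NULL;
    strcpy(s->buf.method, "INVITE");
    return &s->buf;
}

/* Trusts its caller: dereferences req without a NULL check. */
static int send_request(struct session *s, struct request *req)
{
    s->sent += (req->method[0] != '\0');
    return 0;
}

/* Before: the creation result is passed on unchecked. On a session in
 * DIALOG_INITIAL this hands NULL to send_request() and crashes. */
static int refresh_unchecked(struct session *s)
{
    return send_request(s, create_request(s));
}

/* After: skip this path for the initial INVITE, and treat a failed
 * creation as an error instead of sending a NULL request. */
static int refresh_checked(struct session *s)
{
    struct request *req;
    if (s->state == DIALOG_INITIAL)
        return 0;               /* nothing to refresh yet */
    req = create_request(s);
    if (req == NULL)
        return -1;              /* creation failed; do not send */
    return send_request(s, req);
}

int main(void)
{
    struct session pending = { DIALOG_INITIAL, 0, 0, { "" } };  /* constructed */
    struct session up = { DIALOG_CONFIRMED, 0, 0, { "" } };     /* constructed */
    return (refresh_checked(&pending) == 0 && refresh_unchecked(&up) == 0) ? 0 : 1;
}
```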