Skip to content

GitLab

Closed
Created by RingBot@RingBotOwner

daemon: crash during ip2ip call to localhost

Issue generated from Tuleap's migration script. Originally submitted by: Stepan Salenikovich (ssalenik)

making an ip2ip call to localhost (127.0.0.1) the daemon systematically segfaults... the issue seems to be that rdata->msg\_info->msg = 0x0, but this check is not performed by the code... however, the function itself and the whole presence SIP module isn't in use anyways...

 

  
[1479148412.111| 6697|manager.cpp:434         ] ----- Switch current call id to '7971077113848492381' -----  
[1479148412.132| 6697|sipaccount.cpp:340      ] contact header:  /  ->   
[1479148412.132| 6697|sipvoiplink.cpp:814     ] [call:7971077113848492381] INVITE@0x5555569237f8 state changed to 1 (CALLING): cause=0, tsx@0x55555692b4d8 status 0 (Default status message)  
[1479148412.132| 6697|sipvoiplink.cpp:1117    ] [INVITE:0x5555569237f8] tsx\_role=0, tsx\_state=1, ev\_type=5, tsx\_state\_type=2  
[1479148412.132| 6697|call.cpp:145            ] [call:7971077113848492381] state change 0/1, cnx 0/2, code 0  
[1479148412.132| 6697|call.cpp:183            ] [call:7971077113848492381] emit client call state change CONNECTING, code 0  
  
Thread 1 "dring" received signal SIGSEGV, Segmentation fault.  
ring::PresSubServer::pres\_on\_rx\_subscribe\_request (rdata=0x5555568dbb88) at pres\_sub\_server.cpp:95  
95	    std::string request(str->ptr, str->slen);  
(gdb) bt  
\#0  ring::PresSubServer::pres\_on\_rx\_subscribe\_request (rdata=0x5555568dbb88) at pres\_sub\_server.cpp:95  
\#1  0x0000555555841ac6 in pjsip\_endpt\_process\_rx\_data ()  
\#2  0x0000555555841e22 in endpt\_on\_rx\_msg ()  
\#3  0x000055555584bc96 in pjsip\_tpmgr\_receive\_packet ()  
\#4  0x000055555584cc6f in udp\_on\_read\_complete ()  
\#5  0x000055555589c624 in ioqueue\_dispatch\_read\_event ()  
\#6  0x000055555589ea1c in pj\_ioqueue\_poll ()  
\#7  0x0000555555841774 in pjsip\_endpt\_handle\_events2 ()  
\#8  0x0000555555841835 in pjsip\_endpt\_handle\_events ()  
\#9  0x0000555555787255 in ring::SIPVoIPLink::handleEvents (this=0x5555565a7a00) at sipvoiplink.cpp:689  
\#10 0x000055555571a721 in std::function::operator()() const (this=0x5555565725a8) at /usr/include/c++/6/functional:2136  
\#11 ring::Manager::pollEvents (this=0x5555563d5980 ) at manager.cpp:1454  
\#12 0x00007ffff7bbdae3 in DBus::DefaultMainLoop::dispatch() () from /usr/lib/x86\_64-linux-gnu/libdbus-c++-1.so.0  
\#13 0x00007ffff7bbe78c in DBus::BusDispatcher::enter() () from /usr/lib/x86\_64-linux-gnu/libdbus-c++-1.so.0  
\#14 0x000055555563492f in DBusClient::event\_loop (this=) at dbusclient.cpp:237  
\#15 0x000055555562d4ed in main (argc=2, argv=0x7fffffffddc8) at main.cpp:235  
(gdb) bt full  
\#0  ring::PresSubServer::pres\_on\_rx\_subscribe\_request (rdata=0x5555568dbb88) at pres\_sub\_server.cpp:95  
        method = 0x6e6f74676e697228  
        str = 0x6e6f74676e697230  
        request = "\\000\_=VUU\\000\\000\\306\\032\\204UUU\\000\\000\\244\\311\\377\\377\\377\\177\\000\\000\\260\\311\\377\\377\\377\\177\\000\\000\\210\\273\\215VUU\\000\\000؎ZVUU\\000\\000@\\311\\377\\377\\000\\000\\000\\000\\000\\000\\000\\000UU\\000\\000`3;VUU\\000\\000\\200\\316\\215VUU\\000\\000p\\311\\377\\377\\377\\177\\000\\000\\313\\030\\204UUU\\000\\000p\\311\\377\\377\\377\\177\\000\\000\\000\\214oFΛrO`\\312\\377\\377\\377\\177\\000\\000\\"\\036\\204UUU\\000\\000 \\312\\377\\377\\377\\177\\000\\000\\210\\273\\215VUU\\000\\000\\320\\311\\377\\377\\000\\000\\000\\000؎ZVUU\\000\\000\\300\\311\\377\\377\\000\\000\\000\\000\\200\\316\\215VUU", '\\000' , "\\001\\000\\000\\000"...  
\#1  0x0000555555841ac6 in pjsip\_endpt\_process\_rx\_data ()  
No symbol table info available.  
\#2  0x0000555555841e22 in endpt\_on\_rx\_msg ()  
No symbol table info available.  
\#3  0x000055555584bc96 in pjsip\_tpmgr\_receive\_packet ()  
No symbol table info available.  
\#4  0x000055555584cc6f in udp\_on\_read\_complete ()  
No symbol table info available.  
\#5  0x000055555589c624 in ioqueue\_dispatch\_read\_event ()  
No symbol table info available.  
\#6  0x000055555589ea1c in pj\_ioqueue\_poll ()  
No symbol table info available.  
\#7  0x0000555555841774 in pjsip\_endpt\_handle\_events2 ()  
No symbol table info available.  
\#8  0x0000555555841835 in pjsip\_endpt\_handle\_events ()  
No symbol table info available.  
\#9  0x0000555555787255 in ring::SIPVoIPLink::handleEvents (this=0x5555565a7a00) at sipvoiplink.cpp:689  
        timeout = {sec = 0, msec = 0}  
        ret =   
\#10 0x000055555571a721 in std::function::operator()() const (this=0x5555565725a8) at /usr/include/c++/6/functional:2136  
No locals.  
\#11 ring::Manager::pollEvents (this=0x5555563d5980 ) at manager.cpp:1454  
        iter = {first = 93825009351168, second = {> = {},  = {static \_M\_max\_size = 16, static \_M\_max\_align = 8, \_M\_functor = {  
                \_M\_unused = {\_M\_object = , \_M\_const\_object = , \_M\_function\_pointer = ,   
                  \_M\_member\_pointer = (void (std::\_Undefined\_class::\*)(std::\_Undefined\_class \* const)) 0x5555565a7a00, this adjustment 93825009356336}, \_M\_pod\_data = "\\000zZVUU\\000\\000\\060\\216ZVUU\\000"},   
              \_M\_manager =  >::\_M\_manager(std::\_Any\_data &, const std::\_Any\_data &, std::\_Manager\_operation)>},   
            \_M\_invoker =  >::\_M\_invoke(const std::\_Any\_data &)>}}  
\#12 0x00007ffff7bbdae3 in DBus::DefaultMainLoop::dispatch() () from /usr/lib/x86\_64-linux-gnu/libdbus-c++-1.so.0  
No symbol table info available.  
\#13 0x00007ffff7bbe78c in DBus::BusDispatcher::enter() () from /usr/lib/x86\_64-linux-gnu/libdbus-c++-1.so.0  
No symbol table info available.  
\#14 0x000055555563492f in DBusClient::event\_loop (this=) at dbusclient.cpp:237  
No locals.  
\#15 0x000055555562d4ed in main (argc=2, argv=0x7fffffffddc8) at main.cpp:235  
        programName = "/home/ssalenikovich/projects/ring-daemon/bin/dring"  
        persistent = true