Uploaded image for project: 'FreeSWITCH'
  1. FreeSWITCH
  2. FS-9548

crash on Invite due to bad config for sip profile

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.6.10
    • Fix Version/s: None
    • Component/s: freeswitch-core
    • Security Level: public
    • Labels:
      None
    • Environment:
      Linux
    • CPU Architecture:
      x86-64
    • Kernel:
      Linux
    • Userland:
      GNU/Linux
    • Distribution:
      Debian
    • Distribution Version:
      Debian 8 jessie
    • Compiler:
      gcc
    • FreeSWITCH GIT Revision:
      fca259d13c422517164dfa723c8e73a4fdf7d63c
    • GIT Master Revision hash::
      fca259d13c422517164dfa723c8e73a4fdf7d63c

      Description


      I needed multiple and customized sip profiles and I misconfigured two vars like below. Notice I had an IP instead of port and the empty RTP IP .

      2016-09-20 16:11:32.988063 [DEBUG] sofia.c:4240 sip-port [172.17.140.160]
      [...]
      2016-09-20 16:11:32.988189 [DEBUG] sofia.c:4240 rtp-ip []
      2016-09-20 16:11:32.988193 [DEBUG] sofia.c:4240 sip-ip [172.17.140.160]

      FS started (with this invalid sip port and no RTP IP on the profile where the call was supposed to go out) , then I placed a call and I ran into this crash immediately :

      Core was generated by `./freeswitch -nc -core'.
      Program terminated with signal 11, Segmentation fault.
      #0 switch_hash_default (ky=0x0) at ./src/include/switch_hashtable.h:230
      230 while ((c = *str)) {
      (gdb) bt
      #0 switch_hash_default (ky=0x0) at ./src/include/switch_hashtable.h:230
      #1 0x00007f2c01a0fd58 in hash (k=0x0, h=<optimized out>) at ./src/include/private/switch_hashtable_private.h:53
      #2 switch_hashtable_search (h=0xaf0520, k=k@entry=0x0) at src/switch_hashtable.c:231
      #3 0x00007f2c019425b5 in switch_core_hash_find (hash=<optimized out>, key=key@entry=0x0) at src/switch_core_hash.c:178
      #4 0x00007f2c019a9263 in switch_rtp_request_port (ip=0x0) at src/switch_rtp.c:2431
      #5 0x00007f2c019764b8 in switch_core_media_choose_port (session=0x7f2bec105da8, type=type@entry=SWITCH_MEDIA_TYPE_AUDIO, force=force@entry=0) at src/switch_core_media.c:6024
      #6 0x00007f2bf979b7d8 in sofia_glue_do_invite (session=session@entry=0x7f2bec105da8) at sofia_glue.c:806
      #7 0x00007f2bf9755103 in sofia_on_init (session=0x7f2bec105da8) at mod_sofia.c:117
      #8 0x00007f2c019561f1 in switch_core_session_run (session=0x7f2bec105da8) at src/switch_core_state_machine.c:586
      #9 0x00007f2c0194f81e in switch_core_session_thread (thread=<optimized out>, obj=0x7f2bec105da8) at src/switch_core_session.c:1630
      #10 0x00007f2c0194bc03 in switch_core_session_thread_pool_worker (thread=0xd11360, obj=<optimized out>) at src/switch_core_session.c:1693
      #11 0x00007f2c01a346d6 in dummy_worker (opaque=0xd11360) at threadproc/unix/thread.c:151
      #12 0x00007f2c00e7ab50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
      #13 0x00007f2c0056cfbd in clone () from /lib/x86_64-linux-gnu/libc.so.6
      #14 0x0000000000000000 in ?? ()
      (gdb) frame 5
      #5 0x00007f2c019764b8 in switch_core_media_choose_port (session=0x7f2bec105da8, type=type@entry=SWITCH_MEDIA_TYPE_AUDIO, force=force@entry=0) at src/switch_core_media.c:6024
      6024 if (!(engine->local_sdp_port = switch_rtp_request_port(smh->mparams->rtpip))) {
      (gdb) i loc
      lookup_rtpip = 0x0
      sdp_port = <optimized out>
      use_ip = 0x0
      engine = 0x7f2bec114e40
      smh = 0x7f2bec114de8
      tstr = 0x7f2c01a643b7 "audio"
      vname = '\000' <repeats 127 times>
      __PRETTY_FUNCTION__ = "switch_core_media_choose_port"
      __func__ = "switch_core_media_choose_port"
      (gdb) p smh->mparams
      $1 = (switch_core_media_params_t *) 0x7f2bec1129a0
      (gdb) p *smh->mparams
      $2 = {rtp_timeout_sec = 300, rtp_hold_timeout_sec = 1800, dtmf_delay = 40, codec_flags = 0, ndlb = SM_NDLB_ALLOW_NONDUP_SDP,
        auto_rtp_bugs = RTP_BUG_CISCO_SKIP_MARK_BIT_2833, inbound_codec_string = 0x7f2bf4025740 "OPUS,G722,PCMU,PCMA,VP8",
        outbound_codec_string = 0x7f2bf4025760 "OPUS,G722,PCMU,PCMA,VP8", timer_name = 0x7f2bf4025798 "soft", remote_sdp_str = 0x0, early_sdp = 0x0, local_sdp_str = 0x0,
        last_sdp_str = 0x0, last_sdp_response = 0x0, prev_sdp_str = 0x0, prev_sdp_response = 0x0, stun_ip = 0x0, stun_port = 0, stun_flags = 0, jb_msec = 0x0, vflags = 0,
        manual_rtp_bugs = RTP_BUG_NONE, manual_video_rtp_bugs = RTP_BUG_NONE, rtcp_audio_interval_msec = 0x0, rtcp_video_interval_msec = 0x0, extrtpip = 0x0, rtpip = 0x0,
        rtpip4 = 0x0, rtpip6 = 0x0, remote_ip = 0x7f2bec112e59 "172.17.102.53", remote_port = 0, extsipip = 0x0, local_network = 0x7f2bf40257a0 "localnet.auto",
        sipip = 0x7f2bf40257b0 "172.17.140.160", sdp_username = 0x7f2bf40257e8 "FreeSWITCH", te = 101 'e', recv_te = 101 'e', te_rate = 0, cng_rate = 0, adv_sdp_audio_ip = 0x0,
        num_codecs = 1, hold_laps = 0, dtmf_type = DTMF_2833, cng_pt = 13 '\r', external_video_source = SWITCH_FALSE, video_key_freq = 10000000, video_key_first = 1000000,
        video_write_thread = 0x0}
      (gdb) bt full
      #0 switch_hash_default (ky=0x0) at ./src/include/switch_hashtable.h:230
              str = 0x0
              hash = 0
              c = <optimized out>
      #1 0x00007f2c01a0fd58 in hash (k=0x0, h=<optimized out>) at ./src/include/private/switch_hashtable_private.h:53
              i = <optimized out>
      #2 switch_hashtable_search (h=0xaf0520, k=k@entry=0x0) at src/switch_hashtable.c:231
              e = <optimized out>
              hashvalue = 3960557032
      #3 0x00007f2c019425b5 in switch_core_hash_find (hash=<optimized out>, key=key@entry=0x0) at src/switch_core_hash.c:178
      No locals.
      #4 0x00007f2c019a9263 in switch_rtp_request_port (ip=0x0) at src/switch_rtp.c:2431
              port = 0
              alloc = 0x0
      #5 0x00007f2c019764b8 in switch_core_media_choose_port (session=0x7f2bec105da8, type=type@entry=SWITCH_MEDIA_TYPE_AUDIO, force=force@entry=0) at src/switch_core_media.c:6024
              lookup_rtpip = 0x0
              sdp_port = <optimized out>
              use_ip = 0x0
              engine = 0x7f2bec114e40
              smh = 0x7f2bec114de8
              tstr = 0x7f2c01a643b7 "audio"
              vname = '\000' <repeats 127 times>
              __PRETTY_FUNCTION__ = "switch_core_media_choose_port"
              __func__ = "switch_core_media_choose_port"
      #6 0x00007f2bf979b7d8 in sofia_glue_do_invite (session=session@entry=0x7f2bec105da8) at sofia_glue.c:806
              alert_info = 0x0
              max_forwards = 0x7f2bec113668 "68"
              alertbuf = <optimized out>
              tech_pvt = 0x7f2bec112958
              channel = 0x7f2bec0ac830
              caller_profile = 0x7f2bec112fb8
              cid_name = 0x7f2bec113148 "+12450069"
              cid_num = 0x7f2bec113158 "+12450069"
              e_dest = 0x0
              holdstr = 0x7f2bf98aaced ""
              extra_headers = 0x0
              status = SWITCH_STATUS_FALSE
              session_timeout = 0
              val = <optimized out>
              rep = 0x0
              call_id = 0x0
      ---Type <return> to continue, or q <return> to quit---
              route = 0x0
              route_uri = 0x0
              dst = 0x0
              cid_type = CID_TYPE_RPID
              cseq = 0x0
              invite_record_route = <optimized out>
              invite_route_uri = 0x0
              invite_full_from = 0x0
              invite_full_to = 0x0
              handle_full_from = 0x0
              handle_full_to = 0x0
              force_full_from = 0x0
              force_full_to = 0x0
              content_encoding = 0x0
              mp = 0x0
              mp_type = 0x0
              record_route = 0x0
              recover_via = 0x0
              require_timer = 1
              is_t38 = 0 '\000'
              __func__ = "sofia_glue_do_invite"
              __PRETTY_FUNCTION__ = "sofia_glue_do_invite"
      #7 0x00007f2bf9755103 in sofia_on_init (session=0x7f2bec105da8) at mod_sofia.c:117
              hval = <optimized out>
              channel = 0x7f2bec0ac830
              tech_pvt = 0x7f2bec112958
              status = SWITCH_STATUS_SUCCESS
              __PRETTY_FUNCTION__ = "sofia_on_init"
              __func__ = "sofia_on_init"
      #8 0x00007f2c019561f1 in switch_core_session_run (session=0x7f2bec105da8) at src/switch_core_state_machine.c:586
              event = 0x0
              global_proceed = 1
              index = 0
              proceed = 1
              do_extra_handlers = 1
              ptr = <optimized out>
              rstatus = <optimized out>
              state = CS_INIT
              midstate = CS_INIT
              endstate = <optimized out>
              endpoint_interface = <optimized out>
      ---Type <return> to continue, or q <return> to quit---
              driver_state_handler = 0x7f2bf9af9da0
              application_state_handler = <optimized out>
              new_loops = 500
              __PRETTY_FUNCTION__ = "switch_core_session_run"
              __func__ = "switch_core_session_run"
      #9 0x00007f2c0194f81e in switch_core_session_thread (thread=<optimized out>, obj=0x7f2bec105da8) at src/switch_core_session.c:1630
              session = 0x7f2bec105da8
              event = <optimized out>
              event_str = 0x0
              val = <optimized out>
              __func__ = "switch_core_session_thread"
              __PRETTY_FUNCTION__ = "switch_core_session_thread"
      #10 0x00007f2c0194bc03 in switch_core_session_thread_pool_worker (thread=0xd11360, obj=<optimized out>) at src/switch_core_session.c:1693
              td = 0x7f2bec113638
              pop = 0x7f2bec113638
              check_status = <optimized out>
              node = <optimized out>
              pool = 0xd11108
              __func__ = "switch_core_session_thread_pool_worker"
      #11 0x00007f2c01a346d6 in dummy_worker (opaque=0xd11360) at threadproc/unix/thread.c:151
              thread = 0xd11360
      #12 0x00007f2c00e7ab50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
      No symbol table info available.
      #13 0x00007f2c0056cfbd in clone () from /lib/x86_64-linux-gnu/libc.so.6
      No symbol table info available.
      #14 0x0000000000000000 in ?? ()

      I've done a quick fix so it will drop the call with the log message :
      2016-09-20 16:37:43.013859 [ERR] sofia_glue.c:807 Port Error!

        Activity

        Hide
        brian Brian West added a comment -
        The config parser tries to use mod_sofia_globals.guess_ip, but since you probably had nothing in the param, it was set to nothing instead of something that would have actually worked, we shouldn't allow it to be set to empty. Should the config parser be fixed instead?
        Show
        brian Brian West added a comment - The config parser tries to use mod_sofia_globals.guess_ip, but since you probably had nothing in the param, it was set to nothing instead of something that would have actually worked, we shouldn't allow it to be set to empty. Should the config parser be fixed instead?
        Hide
        brian Brian West added a comment -
        what exactly did you have in the rtp-ip param to trigger this?
        Show
        brian Brian West added a comment - what exactly did you have in the rtp-ip param to trigger this?
        Hide
        dragos_oancea Dragos Oancea added a comment -
        I've had an undefined var name , eg:
        <param name="rtp-ip" value="$${my_external_rtp_ip_undefined}"/>
        Forgot to add it to vars.xml .
        Indeed, it looks like an issue with the config parser.
        Show
        dragos_oancea Dragos Oancea added a comment - I've had an undefined var name , eg: <param name="rtp-ip" value="$${my_external_rtp_ip_undefined}"/> Forgot to add it to vars.xml . Indeed, it looks like an issue with the config parser.

          People

          • Assignee:
            mikej Mike Jerris
            Reporter:
            dragos_oancea Dragos Oancea
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development