Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#1864 closed defect (fixed)

Assert and crash when remote remove and add back media lines in SDP

Reported by: ming Owned by: bennylp
Priority: normal Milestone: release-2.4.5
Component: pjsua-lib Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no

Description (last modified by nanang)

Reported scenarios:

Scenario 1 - assertion of "Currently no media transport reuse"

  1. receive offer with 2 media lines, RTP/SAVP and RTP/AVP, both active
  2. accept with 2 media lines in answer, RTP/SAVP gets port zeroed and RTP/AVP active (SRTP mode is set to disabled)
  3. receive reoffer with only 1 media line, RTP/AVP
  4. accept the reoffer
  5. receive reoffer with 2 media lines as in no 1, and assert occurs

It is caused by improper stopping and clean up of the removed media.


Scenario 2 - crash after accessing invalid call_med->tp pointer

  1. receive offer with 2 media lines, RTP/SAVP and RTP/AVP, both active
  2. send answer with 2 media lines, RTP/SAVP gets port zeroed and RTP/AVP active (SRTP mode is set to disabled)
  3. receive reoffer with only 1 media line, RTP/AVP
  4. reject the reoffer (e.g: because of no matching codec)
  5. receive reoffer with 2 media lines as in no 1, crash occurs

This seems to be a bug in r5124 (initial fix of scenario 1), it stops the removed media stream and cleans up its media transport right after receiving reoffer with less media lines (no 3), so when the SDP nego fails (the re-offer is rejected), call media states become inconsistent. Note that in SDP reoffer/answer, we shouldn't modify the media streams before SDP nego is done, as if SDP nego fails, the media streams should be maintained as if there is no SDP reoffer.

Also revisiting a related ticket #1626, where it modifies the media streams before SDP nego: the assertion happens because it gets into unknown media type block handler, while it should never do. So we need to update the fix, e.g: only set the media type when it is undefined.

Thanks to Brian Walker for the reports.

Change History (3)

comment:1 Changed 9 years ago by ming

  • Resolution set to fixed
  • Status changed from new to closed

In 5124:

Fixed #1864: Assertion in PJSIP when remote remove and add back media lines in the SDP

Thanks to Brian Walker for the report and patch testing.

comment:2 Changed 9 years ago by nanang

  • Description modified (diff)
  • Summary changed from Assertion in PJSIP when remote remove and add back media lines in the SDP to Assert and crash when remote remove and add back media lines in SDP

comment:3 Changed 9 years ago by nanang

In 5135:

Re #1864: fixed assert and crash when remote remove and add back media lines in SDP:

  • reverted back r5124 (of this ticket) and r4373 (of #1626)
  • applied another fix for #1626 as in described in the ticket desc
  • also fixed a related add/remove media issue:
    • we send an offer with 2 audio and 1 video in SDP
    • remote answers with only 1 audio in SDP
    • when we send a re-offer/re-INVITE, we have 5 media lines in our SDP (3 audio + 2 video, note 1 audio and 1 video are disabled)
    • call settings are actually maintained (2 active audio + 1 active video), just better to avoid the additional disabled media.
Note: See TracTickets for help on using tickets.