Opened 9 years ago
Last modified 9 years ago
#1901 closed defect
Support simultaneous asynchronous read operations for SIP TCP/TLS transport (i.e. support async_cnt > 1) — at Initial Version
| Reported by: | ming | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.5 |
| Component: | pjsip | Version: | trunk |
| Keywords: | | Cc: | |
| Backport to 1.x milestone: | | Backported: | no |
Description
Currently, there are already options to support this in the API pjsip_tcp_transport_start()/start2() or pjsip_tls_transport_start()/start2() (and via pjsip_tcp_transport_cfg.async_cnt as well). Then sip_transport_tcp.c / sip_transport_tls.c will issue a call to pj_activesock_start_read2()/pj_ssl_sock_start_read2(), and should supply the parameter readbuf, which, according to the doc, should be: an array of async_cnt number of buffers, where each buffer is buff_size long.
However, in the implementation of tcp_start_read()/tls_start_read(), readbuf is hard-coded to an array of size one, and later, in on_data_read(), there are also assertions to check that the buffer points to a specific, single buffer only (i.e. rdata->pt_info.packet). As a result, this may cause a crash such as the one reported in https://issues.asterisk.org/jira/browse/ASTERISK-25615, with a stack trace like this:
```
frame #2: 0x00007fff8859c62c libssl.0.9.8.dylib`ssl3_read + 156
frame #3: 0x000000010020748b pjsua-x86_64-apple-darwin15.0.0`asock_on_data_read(asock=0x0000000101942348, data=0x000000010203c828, size=394, status=0, remainder=0x000070000052e510) + 363 at ssl_sock_ossl.c:1596
frame #4: 0x00000001001f5aa9 pjsua-x86_64-apple-darwin15.0.0`ioqueue_on_read_complete(key=0x0000000101031dd8, op_key=0x0000000102037170, bytes_read=394) + 217 at activesock.c:493
frame #5: 0x00000001001ea985 pjsua-x86_64-apple-darwin15.0.0`ioqueue_dispatch_read_event(ioqueue=0x00000001010358d8, h=0x0000000101031dd8) + 1029 at ioqueue_common_abs.c:605
frame #6: 0x00000001001ed93f pjsua-x86_64-apple-darwin15.0.0`pj_ioqueue_poll(ioqueue=0x00000001010358d8, timeout=0x000070000052ee20) + 1727 at ioqueue_select.c:981
```
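The readbuf contract described in the ticket (async_cnt buffers, each buff_size long) and a read-callback check that accepts any of those buffers rather than one fixed pointer, as an added example that is not pjsip's code or the fix committed for this ticket. `struct read_bufs` and the `read_bufs_*` helpers are hypothetical names, and plain `malloc` stands in for pjlib pool allocation.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-in for a transport's read state; not a pjsip type. */
struct read_bufs {
    unsigned async_cnt;  /* number of simultaneous pending reads */
    size_t   buff_size;  /* capacity of each buffer in bytes */
    void   **readbuf;    /* async_cnt pointers, one buffer per pending read */
};

void read_bufs_free(struct read_bufs *rb)
{
    unsigned i;
    for (i = 0; rb->readbuf && i < rb->async_cnt; i++)
        free(rb->readbuf[i]);
    free(rb->readbuf);
    *rb = (struct read_bufs){0};  /* a later lookup then matches nothing */
}

/* Build the array the start_read2() documentation asks for:
 * async_cnt buffers, each buff_size long. Returns 0 on success, -1 on error. */
int read_bufs_init(struct read_bufs *rb, unsigned async_cnt, size_t buff_size)
{
    unsigned i;
    *rb = (struct read_bufs){0};
    if (async_cnt == 0 || buff_size == 0)
        return -1;
    if (!(rb->readbuf = calloc(async_cnt, sizeof(*rb->readbuf))))
        return -1;
    rb->async_cnt = async_cnt;  /* unfilled slots are NULL, so free is safe */
    rb->buff_size = buff_size;
    for (i = 0; i < async_cnt; i++)
        if (!(rb->readbuf[i] = malloc(buff_size))) {
            read_bufs_free(rb);
            return -1;
        }
    return 0;
}

/* Read-callback check: map 'data' to the buffer the read completed into.
 * Returns its index, or -1 if the pointer is not ours or 'size' is too big. */
int read_bufs_lookup(const struct read_bufs *rb, const void *data, size_t size)
{
    unsigned i;
    for (i = 0; size <= rb->buff_size && i < rb->async_cnt; i++)
        if (rb->readbuf[i] == data)
            return (int)i;
    return -1;
}
```

A callback built this way can reject a completion whose pointer or length does not match any buffer it handed out, instead of asserting or reading through it.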