Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#2013 closed defect (fixed)

Prevent crash when timer refresh with SRTP is interrupted by a re-INVITE

Reported by: riza Owned by: nanang
Priority: normal Milestone: release-2.7
Component: pjmedia Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no

Description

Scenario:

This is the situation:
1. User places a call
2. The call is connected
3. After 2.5 minutes PJSIP sends re-INVITE (session refresh) [twice]
4. partner terminal cannot send RTP because partner terminal's network connection is lost
5. partner terminal's network connection recovers and partner sends re-INVITE
6. After 2.5 minutes PJSIP sends re-INVITE (session refresh)
7. PJSIP receives 200 OK for re-INVITE (session refresh) but there is an "unsupported crypto suite" error
8. The call continues without any media (MEDIA_DIR_NONE)
9. After 2.5 minutes the crash happens (around the time of the next session refresh)

The callstack:

pjsua-i386-Win32-vc14-Debug.exe!pjmedia_transport_media_start(pjmedia_transport
* tp, pj_pool_t * tmp_pool, const pjmedia_sdp_session * sdp_local, const
pjmedia_sdp_session * sdp_remote, unsigned int media_index) Line 903    C
     pjsua-i386-Win32-vc14-Debug.exe!pjsua_media_channel_update(int call_id,
const pjmedia_sdp_session * local_sdp, const pjmedia_sdp_session * remote_sdp)
Line 3057    C
    
pjsua-i386-Win32-vc14-Debug.exe!pjsua_call_on_media_update(pjsip_inv_session *
inv, int status) Line 3996    C
     pjsua-i386-Win32-vc14-Debug.exe!inv_negotiate_sdp(pjsip_inv_session * inv)
Line 1942    C
    
pjsua-i386-Win32-vc14-Debug.exe!inv_check_sdp_in_incoming_msg(pjsip_inv_session
* inv, pjsip_transaction * tsx, pjsip_rx_data * rdata) Line 2153    C
     pjsua-i386-Win32-vc14-Debug.exe!inv_on_state_confirmed(pjsip_inv_session *
inv, pjsip_event * e) Line 5098    C

Because of this:

22:36:03.114  pjsua_media.c  ......pjmedia_transport_media_start() failed for
call_id 0 media 0: Unsupported SRTP crypto-suite (PJMEDIA_SRTP_ENOTSUPCRYPTO)

call_med->tp will be destroyed, resulting the next refresh when calling pjmedia_transport_media_start() will pass NULL and crash.

Thanks to Marcus Froeschl for the report.

Change History (2)

comment:1 Changed 8 years ago by riza

  • Resolution set to fixed
  • Status changed from new to closed

In 5586:

Fix #2013: Prevent crash when timer refresh with SRTP is interrupted by a re-INVITE.

comment:2 Changed 8 years ago by riza

In 5587:

Re #2013: Don't raise assert on re-INVITE without media.

Note: See TracTickets for help on using tickets.