Opened 5 years ago

Closed 5 years ago

#2120 closed defect (fixed)

Crash in SIP session timer after call hold responded with 422

Reported by: nanang Owned by: bennylp
Priority: normal Milestone: release-2.8
Component: pjsip Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no



  1. SIP server is configured with both Session Expires (SE) and Min-SE are set to 3600.
  2. A & B clients are configured with SE & Min-SE set to default values (i.e: SE = 1800, Min-SE = 90).
  3. A calls B, B receives INVITE with only Min-SE header and its value is 3600.
  4. B answer the call without SE & Min-SE headers (session timer inactive).
  5. B sends re-INVITE/UPDATE/call-hold with SE & Min-SE headers (attempt to activate session timer), unfortunately it uses SE=1800 while previously server has signaled that its Min-SE is 3600.
  6. B receives 422 response as expected, and crashes.

After investigation, there seem to be a couple of bugs in the library:

  1. When callee receives Min-SE header only, it doesn't update local SE to that Min-SE, so in any future outgoing request, the callee will use its original SE (which may be lower than caller's Min-SE and trigger 422 response).
  2. The library wrongly assumes that 422 response can only occur in initial INVITE, while in the reported scenario it occurs in subsequent INVITE for call hold (due to bug #1 above), this is the main cause of the crash.

Thanks Shilpi Gupta for the report.

Change History (1)

comment:1 Changed 5 years ago by nanang

  • Resolution set to fixed
  • Status changed from new to closed

In 5806:

Fix #2120:

  • Adjust local SE to comply to remote Min-SE when incoming request has Min-SE header but no SE header.
  • Handle the case of receiving 422 response for subsequent INVITE or UPDATE.
  • Add best effort to avoid INVITE/UPDATE req + 422 resp loop.
Note: See TracTickets for help on using tickets.