![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 6 years ago
Closed 6 years ago
#2125 closed defect (fixed)
Fixed crash when hanging up call if call invite hasn't been created
| Reported by: | ming | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.8 |
| Component: | pjsua-lib | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: | no |
Description
Program received signal SIGSEGV, Segmentation fault.
0x0000000000429047 in pjsua_call_hangup (call_id=2, code=0, reason=0x0,
msg_data=0x0) at ../src/pjsua-lib/pjsua_call.c:2370
2370 if (call->inv->role == PJSIP_ROLE_UAS)
Step to reproduce:
Run pjsua with dummy TURN server.
--use-ice --use-turn --turn-srv 8.8.8.8:12345 --turn-user na --turn-passwd na
then make call and immediately hangup
If ICE setup takes a long time, for example when using a non-responsive TURN server, call->inv hasn't been created yet, thus causing the crash.
Analysis:
Before the crashing line, there's a conditional statement:
if ((call->med_ch_cb && !call->inv) || ((call->inv != NULL) && (call->inv->state == PJSIP_INV_STATE_NULL)))
So, it's possible to enter the block with call->inv == NULL, however later we immediately access call->inv->role, thus causing the crash.
Thanks to Håkan Berg for the report.
Change History (1)
comment:1 Changed 6 years ago by ming
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
In 5816: