Hi,
Every few hours Asterisk crashes because of a segfault.
Trace:
(gdb) bt
#0 0x00007f52ff0c91fb in octet_string_is_eq () from /lib64/libsrtp.so.0
#1 0x00007f52ff0c2ab4 in srtp_unprotect_rtcp () from /lib64/libsrtp.so.0
#2 0x00007f52ff2d4d50 in ast_srtp_unprotect (srtp=0x7f5140026f60, buf=0x7f528c037490, len=0x7f51bf1580f4, rtcp=1) at res_srtp.c:346
#3 0x00007f5258540061 in __rtp_recvfrom (instance=0x7f528c034ff0, buf=0x7f528c037490, size=8192, flags=0, sa=0x7f51bf158440, rtcp=0) at res_rtp_asterisk.c:2716
#4 0x00007f5258540108 in rtp_recvfrom (instance=0x7f528c034ff0, buf=0x7f528c037490, size=8192, flags=0, sa=0x7f51bf158440) at res_rtp_asterisk.c:2732
#5 0x00007f5258549ffc in ast_rtp_read (instance=0x7f528c034ff0, rtcp=0) at res_rtp_asterisk.c:5387
#6 0x000000000059ad20 in ast_rtp_instance_read (instance=0x7f528c034ff0, rtcp=0) at rtp_engine.c:516
#7 0x00007f5255a04a74 in sip_rtp_read (ast=0x7f528c05f490, p=0x7f528c033310, faxdetect=0x7f51bf158734) at chan_sip.c:8557
#8 0x00007f5255a052c1 in sip_read (ast=0x7f528c05f490) at chan_sip.c:8663
#9 0x00000000004b6d75 in __ast_read (chan=0x7f528c05f490, dropaudio=0) at channel.c:3969
#10 0x00000000004b8b37 in ast_read (chan=0x7f528c05f490) at channel.c:4401
#11 0x000000000048612b in bridge_handle_trip (bridge_channel=0x7f528c062aa0) at bridge_channel.c:2447
#12 0x0000000000486632 in bridge_channel_wait (bridge_channel=0x7f528c062aa0) at bridge_channel.c:2617
#13 0x0000000000486d24 in bridge_channel_internal_join (bridge_channel=0x7f528c062aa0) at bridge_channel.c:2763
#14 0x000000000046cbf0 in bridge_channel_ind_thread (data=0x7f528c062aa0) at bridge.c:1782
#15 0x0000000000606304 in dummy_start (data=0x7f528c078bc0) at utils.c:1239
#16 0x00007f530276de25 in start_thread () from /lib64/libpthread.so.0
#17 0x00007f5301b13bad in clone () from /lib64/libc.so.6
(gdb) frame 2
#2 0x00007f52ff2d4d50 in ast_srtp_unprotect (srtp=0x7f5140026f60, buf=0x7f528c037490, len=0x7f51bf1580f4, rtcp=1) at res_srtp.c:346
346 res_srtp.c: No such file or directory.
(gdb) p *len
$1 = 0
I also tried to recreate this by deliberately changing the len in ast_srtp_unprotect to 0, and the issue is recreated with the same backtrace (when using libsrtp-1.4.4).
The question is: is it okay for Asterisk to pass the len parameter as 0 to the underlying library (libsrtp), or should this be taken care of in Asterisk itself?
One solution is to upgrade the libsrtp library to version libsrtp-1.5.4; then the issue does not occur, because the libsrtp code checks the len variable beforehand.
But if I have to prevent this from happening, what can I do in Asterisk without adversely harming any other functionality? For example, can I return -1 whenever I encounter the len as 0?
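
A caller-side length guard of the kind asked about above, as an added example that is not part of the original post and is not Asterisk or libsrtp code. The names guarded_unprotect, min_protected_len and stub_unprotect are hypothetical, the stub stands in for the library call, and the 10-byte authentication tag used in the sample call is an assumed policy value (HMAC-SHA1-80).

```c
#include <stddef.h>
#include <stdio.h>

/* Fixed sizes from RFC 3550 (RTP/RTCP) and RFC 3711 (SRTP/SRTCP). */
#define RTP_HDR_MIN    12  /* fixed RTP header */
#define RTCP_HDR_MIN    8  /* RTCP common header + sender SSRC */
#define SRTCP_TRAILER   4  /* E flag + 31-bit SRTCP index */

/* Hypothetical helper: smallest datagram that can be a valid protected packet. */
static int min_protected_len(int rtcp, int auth_tag_len)
{
    int base = rtcp ? RTCP_HDR_MIN + SRTCP_TRAILER : RTP_HDR_MIN;
    return base + auth_tag_len;
}

/* Stand-in for the library unprotect call (assumption, not libsrtp).
 * It counts invocations and strips the trailer and tag like a real call would. */
static int unprotect_calls;
static int stub_unprotect(void *buf, int *len, int rtcp, int auth_tag_len)
{
    (void)buf;
    unprotect_calls++;
    *len -= auth_tag_len + (rtcp ? SRTCP_TRAILER : 0);
    return 0;
}

/* Guarded wrapper: returns -1 without touching *len or calling the library
 * when the datagram is too short to be a protected packet (this covers
 * len == 0 and negative values); returns 0 on success. */
int guarded_unprotect(void *buf, int *len, int rtcp, int auth_tag_len)
{
    if (buf == NULL || len == NULL || auth_tag_len < 0)
        return -1;
    if (*len < min_protected_len(rtcp, auth_tag_len))
        return -1;
    return stub_unprotect(buf, len, rtcp, auth_tag_len) == 0 ? 0 : -1;
}

int main(void)
{
    unsigned char pkt[64] = {0};  /* constructed sample buffer */
    int len = 0;                  /* the value seen in frame 2 of the trace */
    int res = guarded_unprotect(pkt, &len, 1, 10);
    printf("len=0 -> res=%d, library calls=%d\n", res, unprotect_calls);
    return 0;
}
```

Rejecting anything below the protocol minimum, rather than only 0, also keeps other undersized datagrams away from a library version that does not validate the length itself.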