
Re: [Linphone-developers] linphone crash on every incoming call


From: Pali Rohár
Subject: Re: [Linphone-developers] linphone crash on every incoming call
Date: Tue, 10 Jul 2018 15:09:39 +0200
User-agent: NeoMutt/20170113 (1.7.2)

That is a version available in the current Debian Stretch stable release.
Therefore I reported it.

On Saturday 07 July 2018 09:27:47 Russell Treleaven wrote:
> That version of linphone is ancient.
> please see http://linphone.org/technical-corner/linphone/downloads
> 
> On Sun, Jun 10, 2018 at 10:40 AM, Pali Rohár <address@hidden> wrote:
> 
> > Package: linphone
> > Version: 3.6.1-3
> > Severity: important
> >
> > Dear maintainer, linphone always crashes when there is an incoming call.
> > Basically it makes it unusable. I'm also CCing the linphone developers.
> >
> > The most important thing for the crash is the stack trace. So here is the output from gdb:
> >
> > Thread 1 "linphone" received signal SIGSEGV, Segmentation fault.
> > linphone_core_update_upnp_from_remote_media_description (address@hidden, md=0x0) at upnp.c:684
> > 684             for (i = 0; i < md->n_total_streams; i++) {
> >
> > (gdb) print md
> > $1 = (const SalMediaDescription *) 0x0
> >
> > (gdb) bt
> > #0  linphone_core_update_upnp_from_remote_media_description (address@hidden, md=0x0) at upnp.c:684
> > #1  0x00007ffff7bb3b29 in linphone_call_new_incoming (address@hidden, address@hidden, address@hidden, address@hidden) at linphonecall.c:571
> > #2  0x00007ffff7ba6331 in call_received (h=0x555555aa6f20) at callbacks.c:256
> > #3  0x00007ffff7ba0763 in inc_new_call (ev=0x7fffa0003e70, sal=0x555555990bc0) at sal_eXosip2.c:1435
> > #4  process_event (ev=0x7fffa0003e70, sal=0x555555990bc0) at sal_eXosip2.c:2779
> > #5  sal_iterate (sal=0x555555990bc0) at sal_eXosip2.c:2907
> > #6  0x00007ffff7b95783 in linphone_core_iterate (lc=0x5555558a4410) at linphonecore.c:2107
> > #7  0x000055555556c290 in ?? ()
> > #8  0x00007fffef5b6123 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
> > #9  0x00007fffef5b56aa in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
> > #10 0x00007fffef5b5a60 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
> > #11 0x00007fffef5b5d82 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
> > #12 0x00007ffff76503b7 in gtk_main () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
> > #13 0x0000555555569cfc in main ()
> >
> > So linphone is trying to do a NULL pointer dereference on line 684, which
> > causes an instant segfault.
> >
> > Looking at the problematic libphonecall.c file and function
> > linphone_call_new_incoming()... and there is really a logical error.
> >
> >         md=sal_call_get_remote_media_description(op);
> >         ...
> >         if (md) {
> >                 ...
> >                 call->params.has_video &= linphone_core_media_description_contains_video_stream(md);
> >         }
> >         ...
> >         linphone_core_update_ice_from_remote_media_description(call, sal_call_get_remote_media_description(op));
> >         ...
> >         if (linphone_core_update_upnp_from_remote_media_description(call, sal_call_get_remote_media_description(op))<0) {
> >
> > First there is a call to the sal_call_get_remote_media_description()
> > function and then the return value is checked for NULL.
> >
> > Later there is again a call to sal_call_get_remote_media_description(),
> > but the return value is not checked and it is passed to the functions
> > linphone_core_update_ice_from_remote_media_description() and
> > linphone_core_update_upnp_from_remote_media_description().
> >
> > And the functions linphone_core_update_upnp_from_remote_media_description()
> > and linphone_core_update_ice_from_remote_media_description() then
> > dereference the md argument without doing any check for NULL.
> >
> >         for (i = 0; i < md->n_total_streams; i++) {
> >
> >         if ((md->ice_pwd[0] != '\0') && (md->ice_ufrag[0] != '\0')) {
> >
> > So a check for a NULL pointer needs to be done to fix this problem.
> > Otherwise the whole linphone application is unusable, as it is not possible
> > to receive any call.
> >
> > --
> > Pali Rohár
> > address@hidden

-- 
Pali Rohár
address@hidden
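
An added example, not part of the thread or of linphone's code: a self-contained C model of the pattern described in the report (the getter is called again and its result passed on unchecked), with the NULL check applied in both the caller and the callees. The struct layouts, helper names and the skip-on-NULL policy are assumptions; only the field names n_total_streams, ice_pwd and ice_ufrag come from the quoted code.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not linphone's real definitions. */
typedef struct {
    int  n_total_streams;
    char ice_pwd[64];
    char ice_ufrag[64];
} MediaDesc;                                       /* models SalMediaDescription */
typedef struct { const MediaDesc *remote_md; } Op; /* models the SAL call op */
typedef struct { int md_present, ice_ready, streams; } IncomingResult;

/* Constructed sample inputs: one op with a remote description, one without. */
static const MediaDesc SAMPLE_MD = { 2, "constructed-pwd", "constructed-ufrag" };
static const Op OP_WITH_MD    = { &SAMPLE_MD };
static const Op OP_WITHOUT_MD = { NULL };

/* Like the getter in the report, this may return NULL. */
static const MediaDesc *get_remote_md(const Op *op) {
    return op ? op->remote_md : NULL;
}

/* Callee-side guard: report an error instead of dereferencing NULL. */
static int update_upnp_from_remote_md(const MediaDesc *md) {
    int visited = 0;
    if (md == NULL) return -1;
    for (int i = 0; i < md->n_total_streams; i++) visited++;
    return visited;
}

static int update_ice_from_remote_md(const MediaDesc *md) {
    if (md == NULL) return -1;
    return (md->ice_pwd[0] != '\0') && (md->ice_ufrag[0] != '\0');
}

/* Caller-side fix: fetch once, check once, reuse the checked pointer. */
static IncomingResult new_incoming(const Op *op) {
    IncomingResult r = { 0, 0, 0 };
    const MediaDesc *md = get_remote_md(op);
    if (md == NULL) return r;   /* assumed policy: skip ICE/uPnP updates */
    r.md_present = 1;
    r.ice_ready  = update_ice_from_remote_md(md);
    r.streams    = update_upnp_from_remote_md(md);
    return r;
}

int main(void) {
    printf("without md: present=%d\n", new_incoming(&OP_WITHOUT_MD).md_present);
    printf("with md: streams=%d\n", new_incoming(&OP_WITH_MD).streams);
    return 0;
}
```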


