[Ccrtp-devel] Segementation fault in onGotSDES

ccrtp-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ccrtp-devel] Segementation fault in onGotSDES

From:	Michel de Boer
Subject:	[Ccrtp-devel] Segementation fault in onGotSDES
Date:	Sat, 23 Jul 2005 01:50:20 +0200
User-agent:	Mozilla Thunderbird 1.0.2 (X11/20050317)

Hi,

I frequently get a segmentation fault in the following function
(ccRTP 1.3.2):

ost::QueueRTCPManager::onGotSDES (this=0x83c1d48, address@hidden,
    address@hidden) at rtcppkt.h:193

I have tried to debug it, but I get lost and cannot find the
root cause :-(

I hope someone can fix this.

I have 2 SIP softphones in a call via a SIP proxy (SIPphone).
The softphones are my own and use ccRTP. The segmentation fault
seems only to happen sometimes at the start of an RTP stream.
If the RTP stream is established for a while it does not seem
to happen. I can more or less reproduce the problem by repeatedly
putting the call on-hold (this destroys the SymmetricRTPSession
object) and then retrieving the call again (this creates
a new SymmetricRTPSession object). The crash then sometimes occur
soon after the call is retrieved and the RTP session has just been
established.

I dumped some data with gdb (see attached gdb-output).
Looking at the data it seems the data in 'pkt' seems to be
invalid.  The block_count is always 24 when I observe the crash.

Attached you find
an ethereal capture of the SIP and RTCP siganling. In this
trace 192.168.2.110 is the softphone that crashes in the end.
The last RTCP packet sent out by ccRTP is packet no. 62.
So I guess it is either received RTCP packet no. 61 or 63 that
causes the segmentation fault.

Best regards,
Michel

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 180231 (LWP 3942)]
ost::QueueRTCPManager::onGotSDES (this=0x83c1d48, address@hidden,
    address@hidden) at rtcppkt.h:193
193                     { return (ntohl(ssrc)); }
Current language:  auto; currently c++
(gdb)
(gdb) bt
#0  ost::QueueRTCPManager::onGotSDES (this=0x83c1d48, address@hidden,
    address@hidden) at rtcppkt.h:193
#1  0x40097809 in ost::QueueRTCPManager::takeInControlPacket (this=0x83c1d48)
    at control.cpp:360
#2  0x4009790c in ost::QueueRTCPManager::controlReceptionService (
    this=0x83c1d48) at control.cpp:199
#3  0x0818e91c in ost::SingleThreadRTPSession<ost::RTPBaseUDPIPv4Socket, 
ost::RTPBaseUDPIPv4Socket, ost::AVPQueue>::run (this=Variable "this" is not 
available.
) at rtp.h:478
#4  0x400b98a5 in ost::ThreadImpl::ThreadExecHandler (th=Variable "th" is not 
available.
) at thread.cpp:1117
#5  0x400b81bc in ccxx_exec_handler (th=0x83c1cc0) at thread.cpp:1145
#6  0x40909e31 in pthread_start_thread () from /lib/i686/libpthread.so.0
#7  0x40909fee in pthread_start_thread_event () from /lib/i686/libpthread.so.0
#8  0x40af659a in clone () from /lib/i686/libc.so.6
(gdb) p i
$1 = 9
(gdb) p pkt
$2 = (ost::RTCPCompoundHandler::RTCPPacket &) @0x8392754: {fh = {
    block_count = 24 '\030', padding = 1 '\001', version = 1 '\001',
    type = 202 'ï¿½, length = 2074}, info = {SR = {ssrc = 1245184, sinfo = {
        NTPMSW = 136389276, NTPLSW = 136389276, RTPTimestamp = 136389276,
        packetCount = 136389276, octetCount = 0}, blocks = {{ssrc = 135973496,
          rinfo = {fractionLost = 0 '\0', lostMSB = 0 '\0', lostLSW = 33,
            highestSeqNum = 138129488, jitter = 135973496, lsr = 2555905,
            dlsr = 136495644}}}}, RR = {ssrc = 1245184, blocks = {{
          ssrc = 136389276, rinfo = {fractionLost = 156 '\234',
            lostMSB = 34 '"', lostLSW = 2081, highestSeqNum = 136389276,
            jitter = 136389276, lsr = 0, dlsr = 135973496}}}}, SDES = {
      ssrc = 1245184, item = {type = 156 '\234', len = 34 '"', data = "!"}},
    BYE = {ssrc = 1245184, length = 156 '\234'}, APP = {ssrc = 1245184,
      name = "\234\"!\b", data = "\234"}, NACK = {ssrc = 1245184, fsn = 8860,
      blp = 2081}, FIR = {ssrc = 1245184}}}
(gdb) p source
$3 = (ost::SyncSource &) @0x82b5810: {state = stateActive, SSRC = 3497995745,
  activeSender = true, participant = 0x83abae0, networkAddress = {
    _vptr.IPV4Address = 0x400e2130, validator = 0x0, ipaddr = 0x82f29f0,
    addr_count = 1, hostname = 0x0, static mutex = {_vptr.Mutex = 0x400e1da8,
      static _debug = false, _name = 0x0, _mutex = {__m_reserved = 0,
        __m_count = 0, __m_owner = 0x0, __m_kind = 1, __m_lock = {
          __status = 0, __spinlock = 0}}}}, dataTransportPort = 56902,
  controlTransportPort = 56901, link = 0x8396808}
(gdb) p chunk
$4 = (ost::RTCPCompoundHandler::SDESChunk *) 0x83cd0c0
(gdb) p *chunk
Cannot access memory at address 0x83cd0c0

sip-rtcp.pcap.gz
Description: GNU Zip compressed data

[Prev in Thread]

Current Thread

[Next in Thread]

[Ccrtp-devel] Segementation fault in onGotSDES, Michel de Boer <=
- Re: [Ccrtp-devel] Segementation fault in onGotSDES, Michel de Boer, 2005/07/23
  - Re: [Ccrtp-devel] Segementation fault in onGotSDES, David Sugar, 2005/07/23
    - Re: [Ccrtp-devel] Segementation fault in onGotSDES, Michel de Boer, 2005/07/23
    - Re: [Ccrtp-devel] Segementation fault in onGotSDES, Federico Montesino Pouzols, 2005/07/27
    - Re: [Ccrtp-devel] Segementation fault in onGotSDES, David Sugar, 2005/07/27
    - Re: [Ccrtp-devel] Segementation fault in onGotSDES, Michel de Boer, 2005/07/27
    - Re: [Ccrtp-devel] Segementation fault in onGotSDES, Michel de Boer, 2005/07/29
    - Re: [Ccrtp-devel] Segementation fault in onGotSDES, David Sugar, 2005/07/29
    - Re: [Ccrtp-devel] Segementation fault in onGotSDES, Michel de Boer, 2005/07/29
    - Re: [Ccrtp-devel] Segementation fault in onGotSDES, David Sugar, 2005/07/29

Prev by Date: [Ccrtp-devel] ReceiverReport
Next by Date: Re: [Ccrtp-devel] Segementation fault in onGotSDES
Previous by thread: [Ccrtp-devel] ReceiverReport
Next by thread: Re: [Ccrtp-devel] Segementation fault in onGotSDES
Index(es):
- Date
- Thread