bugtracker icon indicating copy to clipboard operation
bugtracker copied to clipboard
verified publisher icon Kurento

KMS server crash when RtpEndpoint receives answer that does not match offer

Open slabajo opened this issue 6 years ago • 1 comments

receiving-reinvite-for-voicemail-kms-crashed_20200122.txt

KMS Version:

6.8 onwards

Ubuntu Version 16.04 onwards

Paste output of lsb_release -a in the machine where KMS is running

not available

Client libraries

  • Language: Node.js and JAva
  • Version:

Browsers tested

Chrome

Add OK or FAIL, along with the version, after browsers where you have tested this issue:

  • Chrome:
  • Firefox:
  • Safari:
  • Native library:

System description:

KMS using RtpEndpoint to connect to a remote SIP PBX

What steps will reproduce the problem?

  1. generateOffer on RtpEndpoint
  2. feed the offer to remote PBX and get answer
  3. Answer does include m= line not present in offer
  4. feed the answer to RtpEndpoint using processAnswer
  5. The crash happens

What is the expected result? The expected is an error in SDP negotiation but no KMS crash

What happens instead? KMS just crashes

Does it happen with one of the tutorials? No

Please provide any additional information below On attached log, at the end, you can see an RTP offer followed by an answer that does not match m= lines This causes the following (at the end of the log)

2020-01-22T11:26:42.696560364Z 0:01:48.829037587 1 0x7fc0d8002410 ERROR sdpagent kmssdpagent.c:1927:kms_sdp_agent_process_answer:KmsSdpAgent@0x7fc0b4030ef0 Can not process answer in handler 2 2020-01-22T11:26:42.696565027Z 0:01:48.829044575 1 0x7fc0d8002410 ERROR sdpagent kmssdpagent.c:1816:kms_sdp_agent_process_answered_description:KmsSdpAgent@0x7fc0b4030ef0 No handler for media at position 2 2020-01-22T11:26:42.696568206Z ** 2020-01-22T11:26:42.696570478Z ERROR:/workdir/src/gst-plugins/commons/sdpagent/kmssdpagent.c:1817:kms_sdp_agent_process_answered_description: code should not be reached 2020-01-22T11:26:42.697506672Z Aborted (thread 140467134392064, pid 1) 2020-01-22T11:26:42.697518606Z Stack trace: 2020-01-22T11:26:42.698410107Z Segmentation fault (thread 140467134392064, pid 1)

slabajo avatar Jan 22 '20 13:01 slabajo

Related to this issue I found that the issue is caused by a call to g_assert_not_reached in kmssdpagent.c (line 1817).

But I have also found calls to that API in some other places, all of the related to problems in assigning handlers in SDP negotiations:

  • kmsbasertpsession.c (lines 115 and 691)

  • kmswebrtcsession.c (line 1530)

slabajo avatar Jan 23 '20 15:01 slabajo