Good work. On Tue, Jul 10, 2018 at 9:09 AM, Pali Rohár <[email protected]> wrote:
> That is a version available in current Debian Stretch stable release. > Therefore I reported it. > > On Saturday 07 July 2018 09:27:47 Russell Treleaven wrote: > > That version of linphone is ancient. > > please see http://linphone.org/technical-corner/linphone/downloads > > > > On Sun, Jun 10, 2018 at 10:40 AM, Pali Rohár <[email protected]> > wrote: > > > > > Package: linphone > > > Version: 3.6.1-3 > > > Severity: important > > > > > > Dear maintainer, linphone always crashes when there is incoming call. > > > Basically it makes it unusable. I'm CCing also linphone developers. > > > > > > The most important for crash is stacktrace. So here is output from gdb: > > > > > > Thread 1 "linphone" received signal SIGSEGV, Segmentation fault. > > > linphone_core_update_upnp_from_remote_media_description > (call=call@entry=0x555555abea90, > > > md=0x0) at upnp.c:684 > > > 684 for (i = 0; i < md->n_total_streams; i++) { > > > > > > (gdb) print md > > > $1 = (const SalMediaDescription *) 0x0 > > > > > > (gdb) bt > > > #0 linphone_core_update_upnp_from_remote_media_description > > > (call=call@entry=0x555555abea90, md=0x0) at upnp.c:684 > > > #1 0x00007ffff7bb3b29 in linphone_call_new_incoming (lc=lc@entry > =0x5555558a4410, > > > from=from@entry=0x555555abe9d0, to=to@entry=0x555555abea30, > op=op@entry=0x555555aa6f20) > > > at linphonecall.c:571 > > > #2 0x00007ffff7ba6331 in call_received (h=0x555555aa6f20) at > > > callbacks.c:256 > > > #3 0x00007ffff7ba0763 in inc_new_call (ev=0x7fffa0003e70, > > > sal=0x555555990bc0) at sal_eXosip2.c:1435 > > > #4 process_event (ev=0x7fffa0003e70, sal=0x555555990bc0) at > > > sal_eXosip2.c:2779 > > > #5 sal_iterate (sal=0x555555990bc0) at sal_eXosip2.c:2907 > > > #6 0x00007ffff7b95783 in linphone_core_iterate (lc=0x5555558a4410) at > > > linphonecore.c:2107 > > > #7 0x000055555556c290 in ?? () > > > #8 0x00007fffef5b6123 in ?? () from /lib/x86_64-linux-gnu/libglib- > > > 2.0.so.0 > > > #9 0x00007fffef5b56aa in g_main_context_dispatch () from > > > /lib/x86_64-linux-gnu/libglib-2.0.so.0 > > > #10 0x00007fffef5b5a60 in ?? () from /lib/x86_64-linux-gnu/libglib- > > > 2.0.so.0 > > > #11 0x00007fffef5b5d82 in g_main_loop_run () from > > > /lib/x86_64-linux-gnu/libglib-2.0.so.0 > > > #12 0x00007ffff76503b7 in gtk_main () from /usr/lib/x86_64-linux-gnu/ > > > libgtk-x11-2.0.so.0 > > > #13 0x0000555555569cfc in main () > > > > > > So linphone is trying to do NULL pointer dereference on line 684 which > > > makes instant segfault. > > > > > > Looking at the problematic libphonecall.c file and function > > > linphone_call_new_incoming()... and there is really a logical error. > > > > > > md=sal_call_get_remote_media_description(op); > > > ... > > > if (md) { > > > ... > > > call->params.has_video &= linphone_core_media_ > > > description_contains_video_stream(md); > > > } > > > ... > > > linphone_core_update_ice_from_remote_media_description(call, > > > sal_call_get_remote_media_description(op)); > > > ... > > > if (linphone_core_update_upnp_from_remote_media_description( > call, > > > sal_call_get_remote_media_description(op))<0) { > > > > > > First there is call to the sal_call_get_remote_media_description() > > > function and then return value is checked for NULL. > > > > > > Later there is again call for sal_call_get_remote_media_description() > > > but return value is not check and it is passed to functions > > > linphone_core_update_ice_from_remote_media_description() and > > > linphone_core_update_upnp_from_remote_media_description(). > > > > > > And functions linphone_core_update_upnp_from_remote_media_description( > ) > > > and linphone_core_update_ice_from_remote_media_description() then > > > dereference md argument without doing any check for NULL. > > > > > > for (i = 0; i < md->n_total_streams; i++) { > > > > > > if ((md->ice_pwd[0] != '\0') && (md->ice_ufrag[0] != '\0')) { > > > > > > So check for NULL pointer needs to be done to fix this problem. > > > Otherwise whole linphone application is unusable as it is not possible > > > to receive any call. > > > > > > -- > > > Pali Rohár > > > [email protected] > > > > > > _______________________________________________ > > > Linphone-developers mailing list > > > [email protected] > > > https://lists.nongnu.org/mailman/listinfo/linphone-developers > > > > > > > > > > > > -- > Pali Rohár > [email protected] > -- Sincerely, Russell Treleaven sip:[email protected]
