asterisk crashes dialing h264 video sip device

Bug #1671767 reported by Jörg Hänsel on 2017-03-10
This bug affects 1 person
Affects: asterisk (Ubuntu) | Importance: High | Assigned to: Unassigned
Affects: Xenial | Importance: Undecided | Assigned to: Unassigned

Bug Description

[Impact]
========
when dialing a h264 video sip device (Grandstream GXV3674_FHD_VF 1.0.3.17) asterisk crashes with a core dump

[Test Case]
===========
1. See comment #6

[Regression Potential]
======================
Since the patch is already included in more recent versions of asterisk there is no regression.

Due to the location of the code changes, if an unexpected error manifests, it should be local to the h264 encoding, which is broken today.

[Other Info]
============
none

---

asterisk 1:13.1.0~dfsg-1.1ubuntu4

lsb_release -rd:
Description: Ubuntu 16.04.2 LTS
Release: 16.04

Bug details:
============
when dialing a h264 video sip device (Grandstream GXV3674_FHD_VF 1.0.3.17) asterisk crashes with a core dump:

Connected to Asterisk 13.1.0~dfsg-1.1ubuntu4 currently running on samson (pid = 29051)
samson*CLI> console dial waldorf@Phones
    -- Executing [waldorf@Phones:1] Dial("Console/default", "SIP/waldorf,60") in new stack
  == Using SIP VIDEO CoS mark 6
  == Using SIP RTP CoS mark 5
    -- Called SIP/waldorf
    -- SIP/waldorf-00000000 is ringing
samson*CLI>
Disconnected from Asterisk server
Asterisk cleanly ending (0).
Executing last minute cleanups

Analysis:
=========
gdb reveals that the module "res_format_attr_h264.so" is responsible due to a memory allocation failure while examining tokens of the "sprop-parameter-sets" string in the SIP header.

Proposed Solution:
==================
This bug is already fixed by 2 small patches included in more recent versions of "res/res_format_attr_h264.c"

https://issues.asterisk.org/jira/browse/ASTERISK-24616
Crash in res_format_attr_h264 due to invalid string copy

https://issues.asterisk.org/jira/browse/ASTERISK-25573
[patch] H.264 format attribute module: resets whole SDP

This fixed version of "res/res_format_attr_h264.c" is included e.g. in asterisk (1:13.13.1~dfsg-4ubuntu1) zesty.

Fixed+Tested:
=============
I tested by rebuilding asterisk 1:13.1.0~dfsg-1.1ubuntu4 packages with the "res/res_format_attr_h264.c" taken from asterisk 1:13.13.1~dfsg-4ubuntu1 and could connect to the sip device without any problems.

It would be great if you could add this patch into asterisk 1:13.1.0~dfsg-1.1ubuntu4, since I don't want to use self built debs on a 16.4 LTS production system.

Thanks a lot
Jörg

Jörg Hänsel (spiderbaby) wrote :

attached the patch generated with quilt in debian/patches in my testing package

Jörg Hänsel (spiderbaby) wrote :

still status "New" after one week?

Hi Jörg,
thank you so much for your report and all the work already identifying the fix and all that!
That is a great help to make Ubuntu better.

Due to your good preparation this is great to be picked up soon IMO as one finds a few minutes to prep all that is needed. We have an activity on Wednesday trying to more actively include our great community in issues just as such [1].

I consider this a great bug to be handled there and will mark it accordingly to have a good chance to be picked up there.

[1]: https://lists.ubuntu.com/archives/ubuntu-server/2017-March/007502.html

tags: added: patch server-next
Changed in asterisk (Ubuntu):
status: New → Triaged
importance: Undecided → High

Jörg Hänsel (spiderbaby) wrote :

Hi Christian,
this sounds great!
It's a pleasure for me to support the community.

Thank you again,
Jörg

Hi Jörg,
I picked this issue as the first starting on our Day.
I'm at a point where I think I could pass over to you.

I have done the prep of packaging the suggested fix.
If you are interested, Doc will be in our Ubuntu Server Bug Squashing Day Minutes I guess.
An unpolished version is at http://paste.ubuntu.com/24227424/ for you.

Eventually that means I prepared a fix in the following Bileto ppa: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/2622

The next steps I'd count on you if that is ok, you'd need to:
1. check the fix in the ppa if it works
2. add an SRU Template here (copy and modify [1])
3. following [2] then please subscribe ubuntu-sponsors as I can't upload myself - they can just publish from the bileto ticket [3] if they want

Update this bug for each step that you have taken, no matter if successful or failing so that we can help.
I'm available as cpaelzer on #ubuntu-server if you have questions, so are rbasak and nacc

[1]: https://wiki.ubuntu.com/StableReleaseUpdates#SRU_Bug_Template
[2]: https://wiki.ubuntu.com/SponsorshipProcess
[3]: https://bileto.ubuntu.com/#/ticket/2622

Jörg Hänsel (spiderbaby) wrote :

Hi Christian,

thank you for all the coordination and for preparing the test package!
I tested the package(s) yesterday evening on my test server successfully and filled out the SRU template with my test results (s.b.).

Could you please tell me what exactly I have to do at point 3 in your list?

Best regards
Jörg

[Impact]
========
when dialing a h264 video sip device (Grandstream GXV3674_FHD_VF 1.0.3.17) asterisk crashes with a core dump

[Test Case]
===========
1. Asterisk configuration:

1.1. sip.conf:
[...]
videosupport=yes

[waldorf]
allow=h264
context=Phones
host=dynamic
secret=12345
type=friend
directmedia=no

1.2. extensions.conf:
[...]

[Phones]
exten => waldorf,1,Dial(SIP/${EXTEN},10)
 same => n,Hangup()

2.1. Reproducible crash with current version of asterisk (asterisk 1:13.1.0~dfsg-1.1ubuntu4) in 16.4 LTS:

root@samson:~# dpkg-query -l|grep asterisk
ii asterisk 1:13.1.0~dfsg-1.1ubuntu4 amd64 Open Source Private Branch Exchange (PBX)
ii asterisk-config 1:13.1.0~dfsg-1.1ubuntu4 all Configuration files for Asterisk
ii asterisk-core-sounds-en-gsm 1.4.22-1 all asterisk PBX sound files - en-us/gsm
ii asterisk-modules 1:13.1.0~dfsg-1.1ubuntu4 amd64 loadable modules for the Asterisk PBX
root@samson:~# asterisk -rvvv
Asterisk 13.1.0~dfsg-1.1ubuntu4, Copyright (C) 1999 - 2014, Digium, Inc. and others.
Created by Mark Spencer <email address hidden>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
=========================================================================
Connected to Asterisk 13.1.0~dfsg-1.1ubuntu4 currently running on samson (pid = 5866)
samson*CLI> console dial waldorf@Phones
    -- Executing [waldorf@Phones:1] Dial("Console/default", "SIP/waldorf") in new stack
  == Using SIP VIDEO CoS mark 6
  == Using SIP RTP CoS mark 5
    -- Called SIP/waldorf
    -- SIP/waldorf-00000001 is ringing
samson*CLI>
Disconnected from Asterisk server
Asterisk cleanly ending (0).
Executing last minute cleanups

2.2. No Crash after installing patched version (1:13.1.0~dfsg-1.1ubuntu4.1 ) (https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/2622):

root@samson:~# add-apt-repository ppa:ci-train-ppa-service/2622
[...]
root@samson:~# apt-get update
[...]
root@samson:~# apt-get upgrade
[...]
root@samson:~# dpkg-query -l|grep asterisk
ii asterisk 1:13.1.0~dfsg-1.1ubuntu4.1 amd64 Open Source Private Branch Exchange (PBX)
ii asterisk-config 1:13.1.0~dfsg-1.1ubuntu4.1 all Configuration files for Asterisk
ii asterisk-core-sounds-en-gsm 1.4.22-1 all asterisk PBX sound files - en-us/gsm
ii asterisk-modules...


description: updated

Hi Jörg,
I moved it up to the description and extended the regression potential.
It is always important to document that you (or I in that case) really thought about potential regressions and if/how they would manifest.

On point 3 - a TL;DR:
- What that does is get attention of people that are allowed to "ack" on this making its way into the release.
- First read link [2] in my post
- You'll realize that for this case this essentially boils down to just subscribing "ubuntu-sponsors" to this bug

Tomorrow is a special day [1] to sponsor a bunch of lost things, so adding that today increases the chance to get things rather soon.

I can do that for you if that was yet unclear, but since this is also about learning I'd encourage you to try.

[1]: https://lists.ubuntu.com/archives/ubuntu-devel/2017-March/039714.html
[2]: https://wiki.ubuntu.com/SponsorshipProcess

Jörg Hänsel (spiderbaby) wrote :

Hi Christian,
sorry, I am still not familiar with the full process. I used the "Subscribe someone else" link to subscribe "ubuntu-sponsors". Hope that was correct.

Best regards,
Jörg

On Thu, Mar 23, 2017 at 1:51 PM, JörgHänsel <email address hidden>
wrote:

> sorry, I am still not familiar with the full process. I used the
> "Subscribe someone else" link to subscribe "ubuntu-sponsors". Hope that was
> correct.

It was, now you are a bit more familiar than before.
thank you!

Jörg Hänsel (spiderbaby) wrote :

Hi Christian,
can you tell me when or if the fixed version of asterisk will be released?

Thank you
Jörg

Nish Aravamudan (nacc) on 2017-03-30
Changed in asterisk (Ubuntu):
status: Triaged → Fix Released

Nish Aravamudan (nacc) wrote :

I have sponsored the change, although it needed some retooling to be DEP3 compliant. I am attaching the debdiff I generated.

Changed in asterisk (Ubuntu Xenial):
status: New → In Progress

Jörg Hänsel (spiderbaby) wrote :

Thank you Nish!

Jörg Hänsel (spiderbaby) wrote :

Can I do anything else to help to get the fixed package released?

Nish Aravamudan (nacc) wrote :

On Mon, Apr 3, 2017 at 5:03 AM, Jörg Hänsel <email address hidden> wrote:
> Can I do anything else to help to get the fixed package released?

As of right now, no. It's sitting in the unapproved queue waiting for
an SRU team member to process it:
https://launchpad.net/ubuntu/xenial/+queue?queue_state=1&queue_text=

It will get processed this week, hopefully.

Hello Jörg, or anyone else affected,

Accepted asterisk into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/asterisk/1:13.1.0~dfsg-1.1ubuntu4.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in asterisk (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed

Jörg Hänsel (spiderbaby) wrote :

Hello Łukasz,

I tested your asterisk 1:13.1.0~dfsg-1.1ubuntu4.1 package from the proposed repository.

This package fixed the bug for me.

TEST CASE for 16.04 SRU:
========================
1. use xenial
2. install asterisk
3. add SIP-clients to sip.conf and extensions.conf
4. dial h264 SIP client from asterisk console

Testing:
========
1. Check that system is up to date:
-----------------------------------
root@samson:~# apt-get update
Hit:1 http://de.archive.ubuntu.com/ubuntu xenial InRelease
Hit:2 http://de.archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:3 http://de.archive.ubuntu.com/ubuntu xenial-backports InRelease
Get:4 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Fetched 102 kB in 0s (148 kB/s)
Reading package lists... Done
root@samson:~# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@samson:~#

2. Check that buggy package is installed:
-----------------------------------------
root@samson:~# dpkg-query -l|grep asterisk
ii asterisk 1:13.1.0~dfsg-1.1ubuntu4 amd64 Open Source Private Branch Exchange (PBX)
ii asterisk-config 1:13.1.0~dfsg-1.1ubuntu4 all Configuration files for Asterisk
ii asterisk-core-sounds-en-gsm 1.4.22-1 all asterisk PBX sound files - en-us/gsm
ii asterisk-modules 1:13.1.0~dfsg-1.1ubuntu4 amd64 loadable modules for the Asterisk PBX
root@samson:~#

3. Test Case with buggy package:
--------------------------------
root@samson:~# asterisk -rvvv
Asterisk 13.1.0~dfsg-1.1ubuntu4, Copyright (C) 1999 - 2014, Digium, Inc. and others.
Created by Mark Spencer <email address hidden>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
=========================================================================
Connected to Asterisk 13.1.0~dfsg-1.1ubuntu4 currently running on samson (pid = 7163)
samson*CLI> console dial waldorf@Phones
    -- Executing [waldorf@Phones:1] Dial("Console/default", "SIP/waldorf") in new stack
  == Using SIP VIDEO CoS mark 6
  == Using SIP RTP CoS mark 5
    -- Called SIP/waldorf
    -- SIP/waldorf-00000001 is ringing
samson*CLI>
Disconnected from Asterisk server
Asterisk cleanly ending (0).
Executing last minute cleanups
root@samson:~#

root@samson:~# ls -l /var/lib/asterisk/
insgesamt 32640
-rw-r--r-- 1 asterisk asterisk 3072 Apr 4 19:32 astdb.sqlite3
-rw------- 1 asterisk asterisk 98623488 Apr 4 19:36 core
drwxr-xr-x 2 asterisk asterisk 4096 Apr 5 2016 moh
drwxr-xr-x 3 asterisk asterisk 4096 Nov 16 10:15 sounds
-rw-r--r-- 1 asterisk asterisk 4096 Apr 4 19:48 sqlite.db
root@samson:~#

4.+5. Adding pro...

Jörg Hänsel (spiderbaby) wrote :

How can I change the tag from verification-needed to verification-done?

tags: added: verification-done
removed: verification-needed

Jörg, you did perfectly right, thanks for your verification and also you got the tag changed correctly.

It also has not caused any testing issues in [1].

According to the SRU process it will now sit in proposed for ~7 days - rarely less, sometimes more - to give "the world" a chance to realize if there is an issue.
You can see those in [2] and there is asterisk with currently 0 days and the bug in green/golden.

If nothing happens in approximately a week or so an SRU Team member will accept it and then it will migrate from -proposed to -updates and be available to everybody out there.

[1]: http://people.canonical.com/~ubuntu-archive/proposed-migration/xenial/update_excuses.html
[2]: http://people.canonical.com/~ubuntu-archive/pending-sru

Jörg Hänsel (spiderbaby) wrote :

Hi Christian,
thank you for the info!

Robie Basak (racb) wrote :

Thank you for the detailed report on the testing you performed. This is very much appreciated as it helps give us confidence about not regressing existing users by releasing the update.

The verification of the Stable Release Update for asterisk has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package asterisk - 1:13.1.0~dfsg-1.1ubuntu4.1

---------------
asterisk (1:13.1.0~dfsg-1.1ubuntu4.1) xenial; urgency=medium

  * debian/patches/fix_h264.patch: Backport fixes for H.264 support.
    Thanks to Joshua Colp <email address hidden>, Alexander Traud
    <email address hidden>, and Jörg Hänsel. Closes LP: #1671767.

 -- Nishanth Aravamudan <email address hidden> Thu, 30 Mar 2017 16:43:30 -0700

Changed in asterisk (Ubuntu Xenial):
status: Fix Committed → Fix Released