Segfault when user disconnects

[nschoe]

In my plugin, each time the user refreshes the page (hits F5, CMD + R) or exit the page (CTRL/CMD + W) Janus segfaults.
I haven't been able to reproduce the bug easily in the echotest plugin, so I can't be entirely sure this doesn't come from me.

Here is gdb's output using bt :

[812981000] Destroying SCTP association

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd1306700 (LWP 26823)]
0x00007ffff5678289 in srtp_dealloc () from /usr/lib/libsrtp.so.0
(gdb) bt
#0  0x00007ffff5678289 in srtp_dealloc () from /usr/lib/libsrtp.so.0
#1  0x000000000041ac3c in janus_dtls_srtp_destroy (dtls=0x7fffc0014000)
    at dtls.c:496
#2  0x0000000000421e85 in janus_ice_component_free (
    container=0x7fffc4001d80, component=0x7fffc4055f10) at ice.c:477
#3  0x0000000000421c7d in janus_ice_stream_free (
    container=0x7fffc4001cc0, stream=0x7fffc4055e00) at ice.c:438
#4  0x0000000000421a7f in janus_ice_webrtc_free (handle=0x7fffc4001a90)
    at ice.c:409
#5  0x0000000000421777 in janus_ice_free (handle=0x7fffc4001a90)
    at ice.c:354
#6  0x0000000000423221 in janus_ice_thread (data=0x7fffc4001a90)
    at ice.c:720
#7  0x00007ffff714ec95 in ?? () from /usr/lib/libglib-2.0.so.0
#8  0x00007ffff51d4124 in start_thread () from /usr/lib/libpthread.so.0
#9  0x00007ffff4f084bd in clone () from /usr/lib/libc.so.6

Always finishing with that Destroying SCTP association. I went on dtls.c, and replaced line 496 and 497 :

srtp_dealloc(dtls->srtp_in);
srtp_dealloc(dtls->srtp_out);

with :

if (dtls->srtp_in) {
   srtp_dealloc(dtls->srtp_in);
   dtls->srtp_in = NULL;
}
if (dtls->srtp_out)
{
   srtp_dealloc(dtls->srtp_out);
   dtls->srtp_out = NULL;
}

And it works. I don't have any segfault when the user refreshes or quits the page. But I wonder if this is a dirty fix or if the NULL check was indeed needed. I wonder why this doesn't happen with the echo test.

[lminiero]

Please provide info on what is being negotiated (SDPs). I'll have a
look at them when I get back to work.

2014-08-12 15:44 GMT+02:00, nschoe notifications@github.com:

In my plugin, each time the user refreshes the page (hits F5, CMD + R)
or exit the page (CTRL/CMD + W) Janus segfaults.
I haven't been able to reproduce the bug easily in the echotest plugin, so I
can't be entirely sure this doesn't come from me.

Here is gdb's output using bt :

[812981000] Destroying SCTP association

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd1306700 (LWP 26823)]
0x00007ffff5678289 in srtp_dealloc () from /usr/lib/libsrtp.so.0
(gdb) bt
#0  0x00007ffff5678289 in srtp_dealloc () from /usr/lib/libsrtp.so.0
#1  0x000000000041ac3c in janus_dtls_srtp_destroy (dtls=0x7fffc0014000)
    at dtls.c:496
#2  0x0000000000421e85 in janus_ice_component_free (
    container=0x7fffc4001d80, component=0x7fffc4055f10) at ice.c:477
#3  0x0000000000421c7d in janus_ice_stream_free (
    container=0x7fffc4001cc0, stream=0x7fffc4055e00) at ice.c:438
#4  0x0000000000421a7f in janus_ice_webrtc_free (handle=0x7fffc4001a90)
    at ice.c:409
#5  0x0000000000421777 in janus_ice_free (handle=0x7fffc4001a90)
    at ice.c:354
#6  0x0000000000423221 in janus_ice_thread (data=0x7fffc4001a90)
    at ice.c:720
#7  0x00007ffff714ec95 in ?? () from /usr/lib/libglib-2.0.so.0
#8  0x00007ffff51d4124 in start_thread () from /usr/lib/libpthread.so.0
#9  0x00007ffff4f084bd in clone () from /usr/lib/libc.so.6

Always finishing with that Destroying SCTP association. I went on dtls.c,
and replaced line 496 and 497 :

srtp_dealloc(dtls->srtp_in);
srtp_dealloc(dtls->srtp_out);

with :

if (dtls->srtp_in) {
   srtp_dealloc(dtls->srtp_in);
   dtls->srtp_in = NULL;
}
if (dtls->srtp_out)
{
   srtp_dealloc(dtls->srtp_out);
   dtls->srtp_out = NULL;
}

And it works. I don't have any segfault when the user refreshes or quits the
page. But I wonder if this is a dirty fix or if the NULL check was indeed
needed. I wonder why this doesn't happen with the echo test.

---

Reply to this email directly or view it on GitHub:
#54

[nschoe]

I'm using the same technique as the echotest, i.e. sending back the offer as an answer, because my browser talks directly to a server, not to another browser.
Here is the SDP answer :

v=0
o=Mozilla-SIPUA-31.0 16572 0 IN IP4 127.0.0.1
s=SIP Call
t=0 0
a=group:BUNDLE video data
a=msid-semantic: WMS janus
m=video 1 RTP/SAVPF 120
a=mid:video
c=IN IP4 xx.xx.xx.xx
a=sendrecv
a=rtcp-mux\na=ice-ufrag:tGKM
a=ice-pwd:42EP1Dzt+FAIIdOK7l2tbO
a=ice-options:trickle
a=fingerprint:sha-256 XX:XX:....
a=setup:active
a=connection:new
a=rtpmap:120 VP8/90000
a=rtcp-fb:120 nack
a=rtcp-fb:120 nack pli
a=rtcp-fb:120 ccm fir
a=ssrc:4074048181 cname:janusvideo
a=ssrc:4074048181 msid:janus janusv0
a=ssrc:4074048181 mslabel:janus
a=ssrc:4074048181 label:janusv0
a=candidate:1 1 udp 2013266431 xx.xx.xx.xx 54502 typ host
m=application 1 DTLS/SCTP 5000
a=mid:data
a=sctpmap:5000 webrtc-datachannel 16
c=IN IP4 xx.xx.xx.xx
a=sendrecv
a=ice-ufrag:2BnO
a=ice-pwd:K5ovVNBhY73C1JtEFrTtyY
a=ice-options:trickle
a=fingerprint:sha-256 XX:XX:....
a=setup:active
a=connection:new
a=candidate:2 1 udp 2013266431 xx.xx.xx.xx 45629 typ host

Note that it comes from Firefox.