[OpenSIPS-Devel] 1.4 current trunk segfault in nhelpr_funcs.c

Bobby Smith bobby.smith at gmail.com
Wed Aug 12 06:06:22 CEST 2009


Greets,

We've been having some issues with OpenSIPS 1.4.5 crashing out due to a seg
fault on about a daily basis.  After finally being able to get around some
gdb/debian configuration issues and compile cleanly, we were able to get
some core dumps loaded to see what's happening (without just ambiguously
asking questions in IRC :-P ).  We upgraded to the current latest stable
1.4.5, in svn trunk, compiled cleanly, and have still been experiencing the
same problem.

It always seems to be focused around nhelpr_funcs.c, line 169:

The past 3 cores have all pointed at the same issue.  Summary of the stack
trace is below, but we can definitely find a place to upload some core files
if necessary:

Also, to note, I don't know how similar or different the code bases of
the current SER project and OpenSIPS are, but it looks like towards the end
of April there was this bug fix:
http://lists.sip-router.org/pipermail/sr-dev/2009-April/001602.html

Which sounds similar to the type of issue we're experiencing.

Anyway, the contents of the core:


Core was generated by `/sbin/opensips -P /var/run/opensips/opensips.pid -m
512 -u opensips -g opensips'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007fd813ac785f in extract_body (msg=0x7792d8, body=0x7fff1ec52900)
at nhelpr_funcs.c:169
169        body->len = get_content_length(msg);
(gdb) bt full
#0  0x00007fd813ac785f in extract_body (msg=0x7792d8, body=0x7fff1ec52900)
at nhelpr_funcs.c:169
        c = <value optimized out>
        skip = <value optimized out>
        __FUNCTION__ = "extract_body"
#1  0x00007fd813ac15fd in fix_nated_sdp_f (msg=0x7792d8, str1=0xa <Address
0xa out of bounds>, str2=0x0) at nathelper.c:1649
        body = {
          s = 0x744d13 "Server: Linksys/SPA942-5.2.5\r\nContent-Length:
208\r\nAllow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS,
REFER\r\nSupported: replaces\r\nContent-Type:
application/sdp\r\n\r\nv=0\r\no=- 23895158 23895158 IN IP"..., len =
7830104}
        ip = {s = 0x777a58 "sip:VH35045 at 64.17.254.220:55136", len = 7830135}
        level = <value optimized out>
        buf = <value optimized out>
        anchor = <value optimized out>
        __FUNCTION__ = "fix_nated_sdp_f"


#2  0x000000000040f692 in do_action (a=0x777c98, msg=0x7792d8) at
action.c:846
        ret = <value optimized out>
        v = <value optimized out>
        to = <value optimized out>
        p = <value optimized out>
        tmp = <value optimized out>
        new_uri = <value optimized out>
        end = <value optimized out>
        crt = <value optimized out>
        len = <value optimized out>
        user = <value optimized out>
        uri = {user = {s = 0x36 <Address 0x36 out of bounds>, len =
7841088}, passwd = {s = 0x3e <Address 0x3e out of bounds>, len = 31}, host =
{
            s = 0x744cf3 "sip:VH35045 at 64.17.254.220:0>\r\n\r\nServer:
Linksys/SPA942-5.2.5\r\nContent-Length: 208\r\nAllow: ACK, BYE, CANCEL,
INFO, INVITE, NOTIFY, OPTIONS, REFER\r\nSupported: replaces\r\nContent-Type:
application/sdp\r\n\r\n"..., len = 329995901}, port = {
            s = 0x744d0e ">\r\n\r\nServer:
Linksys/SPA942-5.2.5\r\nContent-Length: 208\r\nAllow: ACK, BYE, CANCEL,
INFO, INVITE, NOTIFY, OPTIONS, REFER\r\nSupported: replaces\r\nContent-Type:
application/sdp\r\n\r\nv=0\r\no=- 23895158 23895158 "..., len = -255},
params = {s = 0x803 <Address 0x803 out of bounds>, len = 7830104}, headers =
{s = 0x20 <Address 0x20 out of bounds>, len = 332185056}, port_no = 40544,
proto = 119, type = ERROR_URI_T, transport = {
            s = 0x744cff "64.17.254.220:0>\r\n\r\nServer:
Linksys/SPA942-5.2.5\r\nContent-Length: 208\r\nAllow: ACK, BYE, CANCEL,
INFO, INVITE, NOTIFY, OPTIONS, REFER\r\nSupported: replaces\r\nContent-Type:
application/sdp\r\n\r\nv=0\r\no=- 238"..., len = 7621879}, ttl = {s = 0x7
<Address 0x7 out of bounds>, len = 0}, user_param = {s = 0x0, len =
7621887}, maddr = {s = 0xd <Address 0xd out of bounds>, len = 7621901},
method = {s = 0x1 <Address 0x1 out of bounds>,
            len = 0}, lr = {s = 0x0, len = 0}, r2 = {s = 0x0, len = 0},
transport_val = {s = 0x0, len = 0}, ttl_val = {s = 0x0, len = 0},
user_param_val = {s = 0x0, len = 0}, maddr_val = {s = 0x0, len = 0},
method_val = {s = 0x0,
            len = 0}, lr_val = {s = 0x0, len = 0}, r2_val = {s = 0x0, len =
0}}
        next_hop = {user = {s = 0x0, len = 7830280}, passwd = {s = 0x7792f8
"\310Jt", len = 5}, host = {s = 0x15 <Address 0x15 out of bounds>, len =
32}, port = {s = 0x7fff1ec53030 "\300Jt", len = 4609174}, params = {s =
0x77f150 "\1",
            len = 7621695}, headers = {s = 0x77aaf0 "\1", len = 7622283},
port_no = 0, proto = 0, type = ERROR_URI_T, transport = {s = 0x0, len = 54},
ttl = {s = 0x777ae8 "\2", len = 0}, user_param = {
            s = 0x2 <Address 0x2 out of bounds>, len = 7836376}, maddr = {s
= 0x7792d8 "\260\347^", len = 516239408}, method = {
            s = 0x46dd4b
"\211\303\351\303\366\377\377\273\377\377\377\377\351\271\366\377\377H\205\355\220t\a\307E\24\30",
len = 516237904}, lr = {
            s = 0x744d0e ">\r\n\r\nServer:
Linksys/SPA942-5.2.5\r\nContent-Length: 208\r\nAllow: ACK, BYE, CANCEL,
INFO, INVITE, NOTIFY, OPTIONS, REFER\r\nSupported: replaces\r\nContent-Type:
application/sdp\r\n\r\nv=0\r\no=- 23895158 23895158 "..., len = 516238264},
r2 = {s = 0x7fff1ec52c28 "", len = 516238280}, transport_val = {
            s = 0x744cf3 "sip:VH35045 at 64.17.254.220:0>\r\n\r\nServer:
Linksys/SPA942-5.2.5\r\nContent-Length: 208\r\nAllow: ACK, BYE, CANCEL,
INFO, INVITE, NOTIFY, OPTIONS, REFER\r\nSupported: replaces\r\nContent-Type:
application/sdp\r\n\r\n"..., len = 332185056}, ttl_val = {s = 0xd760
<Address 0xd760 out of bounds>, len = 516238328}, user_param_val = {s =
0x7fff1ec52c68 "\16", len = 516238312}, maddr_val = {s = 0x7fff1ec52c58
"\210yw", len = 516238344},
          method_val = {s = 0x7fff1ec52c78 "ؒw", len = 516238360}, lr_val =
{s = 0x419650 "I\211\304H\205\300\17\204}\1", len = 7836376}, r2_val = {s =
0x7792d8 "\260\347^", len = 516239408}}



I can provide the rest on request, but in the message listed here, I do see
a content length header in the parsed message.

Thanks,

Bobby Smith