[OpenSIPS-Devel] 1.4 current trunk segfault in nhelpr_funcs.c
Bobby Smith
bobby.smith at gmail.com
Wed Aug 12 13:23:44 CEST 2009
It looks like this was fixed a few days ago in trunk but not
backported into 1.4. Is it safe to do so?
On Aug 12, 2009, at 12:06 AM, Bobby Smith <bobby.smith at gmail.com> wrote:
> Greets,
>
> We've been having some issues with OpenSIPS 1.4.5 crashing out due
> to a seg fault on about a daily basis. After finally being able to
> get around some gdb/debian configuration issues and compile cleanly,
> we were able to get some core dumps loaded to see what's happening
> (without just ambiguously asking questions in IRC :-P ). We
> upgraded to the current latest stable 1.4.5, in svn trunk, compiled
> cleanly, and have still been experiencing the same problem.
>
> It always seems to be focused around nhelpr_funcs.c, line 169:
>
> The past 3 cores have all pointed at the same issue. Summary of the
> stack trace is below, but we can definitely find a place to upload
> some core files if necessary:
>
> Also, to note, I don't know how similar or different the code bases
> of the current SER project and OpenSIPS are, but it looks like
> towards the end of April there was this bug fix: http://lists.sip-router.org/pipermail/sr-dev/2009-April/001602.html
>
> Which sounds similar to the type of issue we're experiencing.
>
> Anyway, the contents of the core:
>
>
> Core was generated by `/sbin/opensips -P /var/run/opensips/
> opensips.pid -m 512 -u opensips -g opensips'.
> Program terminated with signal 11, Segmentation fault.
> #0 0x00007fd813ac785f in extract_body (msg=0x7792d8,
> body=0x7fff1ec52900) at nhelpr_funcs.c:169
> 169 body->len = get_content_length(msg);
> (gdb) bt full
> #0 0x00007fd813ac785f in extract_body (msg=0x7792d8,
> body=0x7fff1ec52900) at nhelpr_funcs.c:169
> c = <value optimized out>
> skip = <value optimized out>
> __FUNCTION__ = "extract_body"
> #1 0x00007fd813ac15fd in fix_nated_sdp_f (msg=0x7792d8, str1=0xa
> <Address 0xa out of bounds>, str2=0x0) at nathelper.c:1649
> body = {
> s = 0x744d13 "Server: Linksys/SPA942-5.2.5\r\nContent-
> Length: 208\r\nAllow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY,
> OPTIONS, REFER\r\nSupported: replaces\r\nContent-Type: application/
> sdp\r\n\r\nv=0\r\no=- 23895158 23895158 IN IP"..., len = 7830104}
> ip = {s = 0x777a58 "sip:VH35045 at 64.17.254.220:55136", len =
> 7830135}
> level = <value optimized out>
> buf = <value optimized out>
> anchor = <value optimized out>
> __FUNCTION__ = "fix_nated_sdp_f"
>
>
> __FUNCTION__ = "fix_nated_sdp_f"
> #2 0x000000000040f692 in do_action (a=0x777c98, msg=0x7792d8) at
> action.c:846
> ret = <value optimized out>
> v = <value optimized out>
> to = <value optimized out>
> p = <value optimized out>
> tmp = <value optimized out>
> new_uri = <value optimized out>
> end = <value optimized out>
> crt = <value optimized out>
> len = <value optimized out>
> user = <value optimized out>
> uri = {user = {s = 0x36 <Address 0x36 out of bounds>, len =
> 7841088}, passwd = {s = 0x3e <Address 0x3e out of bounds>, len =
> 31}, host = {
> s = 0x744cf3 "sip:VH35045 at 64.17.254.220:0>\r\n\r
> \nServer: Linksys/SPA942-5.2.5\r\nContent-Length: 208\r\nAllow: ACK,
> BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER\r\nSupported:
> replaces\r\nContent-Type: application/sdp\r\n\r\n"..., len =
> 329995901}, port = {
> s = 0x744d0e ">\r\n\r\nServer: Linksys/SPA942-5.2.5\r
> \nContent-Length: 208\r\nAllow: ACK, BYE, CANCEL, INFO, INVITE,
> NOTIFY, OPTIONS, REFER\r\nSupported: replaces\r\nContent-Type:
> application/sdp\r\n\r\nv=0\r\no=- 23895158 23895158 "..., len =
> -255}, params = {s = 0x803 <Address 0x803 out of bounds>, len =
> 7830104}, headers = {s = 0x20 <Address 0x20 out of bounds>, len =
> 332185056}, port_no = 40544, proto = 119, type = ERROR_URI_T,
> transport = {
> s = 0x744cff "64.17.254.220:0>\r\n\r\nServer: Linksys/
> SPA942-5.2.5\r\nContent-Length: 208\r\nAllow: ACK, BYE, CANCEL,
> INFO, INVITE, NOTIFY, OPTIONS, REFER\r\nSupported: replaces\r
> \nContent-Type: application/sdp\r\n\r\nv=0\r\no=- 238"..., len =
> 7621879}, ttl = {s = 0x7 <Address 0x7 out of bounds>, len = 0},
> user_param = {s = 0x0, len = 7621887}, maddr = {s = 0xd <Address 0xd
> out of bounds>, len = 7621901}, method = {s = 0x1 <Address 0x1 out
> of bounds>,
> len = 0}, lr = {s = 0x0, len = 0}, r2 = {s = 0x0, len =
> 0}, transport_val = {s = 0x0, len = 0}, ttl_val = {s = 0x0, len =
> 0}, user_param_val = {s = 0x0, len = 0}, maddr_val = {s = 0x0, len =
> 0}, method_val = {s = 0x0,
> len = 0}, lr_val = {s = 0x0, len = 0}, r2_val = {s =
> 0x0, len = 0}}
> next_hop = {user = {s = 0x0, len = 7830280}, passwd = {s =
> 0x7792f8 "\310Jt", len = 5}, host = {s = 0x15 <Address 0x15 out of
> bounds>, len = 32}, port = {s = 0x7fff1ec53030 "\300Jt", len =
> 4609174}, params = {s = 0x77f150 "\1",
> len = 7621695}, headers = {s = 0x77aaf0 "\1", len =
> 7622283}, port_no = 0, proto = 0, type = ERROR_URI_T, transport = {s
> = 0x0, len = 54}, ttl = {s = 0x777ae8 "\2", len = 0}, user_param = {
> s = 0x2 <Address 0x2 out of bounds>, len = 7836376},
> maddr = {s = 0x7792d8 "\260\347^", len = 516239408}, method = {
> s = 0x46dd4b
> "\2
> 11\303\351\303\366\377\377\273\377\377\377\377\351\271\366\377\377H
> \205\355\220t\a\307E\24\30", len = 516237904}, lr = {
> s = 0x744d0e ">\r\n\r\nServer: Linksys/SPA942-5.2.5\r
> \nContent-Length: 208\r\nAllow: ACK, BYE, CANCEL, INFO, INVITE,
> NOTIFY, OPTIONS, REFER\r\nSupported: replaces\r\nContent-Type:
> application/sdp\r\n\r\nv=0\r\no=- 23895158 23895158 "..., len =
> 516238264}, r2 = {s = 0x7fff1ec52c28 "", len = 516238280},
> transport_val = {
> s = 0x744cf3 "sip:VH35045 at 64.17.254.220:0>\r\n\r
> \nServer: Linksys/SPA942-5.2.5\r\nContent-Length: 208\r\nAllow: ACK,
> BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER\r\nSupported:
> replaces\r\nContent-Type: application/sdp\r\n\r\n"..., len =
> 332185056}, ttl_val = {s = 0xd760 <Address 0xd760 out of bounds>,
> len = 516238328}, user_param_val = {s = 0x7fff1ec52c68 "\16", len =
> 516238312}, maddr_val = {s = 0x7fff1ec52c58 "\210yw", len =
> 516238344},
> method_val = {s = 0x7fff1ec52c78 "ؒw", len = 516238360}, l
> r_val = {s = 0x419650 "I\211\304H\205\300\17\204}\1", len = 7836376}
> , r2_val = {s = 0x7792d8 "\260\347^", len = 516239408}}
>
>
>
> I can provide the rest on request, but in the message listed here, I
> do see a content length header in the parsed message.
>
> Thanks,
>
> Bobby Smith