[OpenSIPS-Devel] 1.4 current trunk segfault in nhelpr_funcs.c

Bogdan-Andrei Iancu bogdan at voice-system.ro
Wed Aug 12 13:46:14 CEST 2009 

Hi Bobby,

Indeed, I made the backport to 1.5, but not to 1.4 as 1.4 is not 
officially supported (last stable is 1.5). But as it was a simple one, I 
did a backport to 1.4 also.

Just update from SVN and give it a try.


Thanks and regards,
Bogdan


Bobby Smith wrote:
> It looks like this was fixed a few days ago in trunk but not 
> backported into 1.4. Is it safe to do so?
>
>
>
>
>
>
> On Aug 12, 2009, at 12:06 AM, Bobby Smith <bobby.smith at gmail.com 
> <mailto:bobby.smith at gmail.com>> wrote:
>
>> Greets,
>>
>> We've been having some issues with Opensips 1.4.5 crashing out due to 
>> a seg fault on about a daily basis. After finally being able to get 
>> around some gdb/debian configuration issues and compile cleanly, we 
>> were able to get some core dumps loaded to see what's happening 
>> (without just ambiguously asking questions in IRC :-P ). We upgraded 
>> to the current latest stable 1.4.5, in svn trunk, compiled cleanly, 
>> and have still been experiencing the same problem.
>>
>> It always seems to be focused around nhelpr_funcs.c, line 169:
>>
>> The past 3 cores have all pointed at the same issue. Summary of the 
>> stack trace is below, but we can definitely find a place to upload 
>> some core files if necessary:
>>
>> Also, to note, I don't know how similar or different the code bases 
>> between the current SER project is and OpenSIPS, but it looks like 
>> towards the end of April there was this bug fix: 
>> http://lists.sip-router.org/pipermail/sr-dev/2009-April/001602.html
>>
>> Which sounds similar to the type of issue we're experiencing.
>>
>> Anyway, the contents of the core:
>>
>>
>> Core was generated by `/sbin/opensips -P 
>> /var/run/opensips/opensips.pid -m 512 -u opensips -g opensips'.
>> Program terminated with signal 11, Segmentation fault.
>> #0 0x00007fd813ac785f in extract_body (msg=0x7792d8, 
>> body=0x7fff1ec52900) at nhelpr_funcs.c:169
>> 169 body->len = get_content_length(msg);
>> (gdb) bt full
>> #0 0x00007fd813ac785f in extract_body (msg=0x7792d8, 
>> body=0x7fff1ec52900) at nhelpr_funcs.c:169
>> c = <value optimized out>
>> skip = <value optimized out>
>> __FUNCTION__ = "extract_body"
>> #1 0x00007fd813ac15fd in fix_nated_sdp_f (msg=0x7792d8, str1=0xa 
>> <Address 0xa out of bounds>, str2=0x0) at nathelper.c:1649
>> body = {
>> s = 0x744d13 "Server: Linksys/SPA942-5.2.5\r\nContent-Length: 
>> 208\r\nAllow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, 
>> REFER\r\nSupported: replaces\r\nContent-Type: 
>> application/sdp\r\n\r\nv=0\r\no=- 23895158 23895158 IN IP"..., len = 
>> 7830104}
>> ip = {s = 0x777a58 "sip:VH35045 at 64.17.254.220:55136 
>> <http://sip:VH35045@64.17.254.220:55136>", len = 7830135}
>> level = <value optimized out>
>> buf = <value optimized out>
>> anchor = <value optimized out>
>> __FUNCTION__ = "fix_nated_sdp_f"
>>
>>
>> __FUNCTION__ = "fix_nated_sdp_f"
>> #2 0x000000000040f692 in do_action (a=0x777c98, msg=0x7792d8) at 
>> action.c:846
>> ret = <value optimized out>
>> v = <value optimized out>
>> to = <value optimized out>
>> p = <value optimized out>
>> tmp = <value optimized out>
>> new_uri = <value optimized out>
>> end = <value optimized out>
>> crt = <value optimized out>
>> len = <value optimized out>
>> user = <value optimized out>
>> uri = {user = {s = 0x36 <Address 0x36 out of bounds>, len = 7841088}, 
>> passwd = {s = 0x3e <Address 0x3e out of bounds>, len = 31}, host = {
>> s = 0x744cf3 "sip:VH35045 at 64.17.254.220:0 
>> <http://sip:VH35045@64.17.254.220:0>>\r\n\r\nServer: 
>> Linksys/SPA942-5.2.5\r\nContent-Length: 208\r\nAllow: ACK, BYE, 
>> CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER\r\nSupported: 
>> replaces\r\nContent-Type: application/sdp\r\n\r\n"..., len = 
>> 329995901}, port = {
>> s = 0x744d0e ">\r\n\r\nServer: 
>> Linksys/SPA942-5.2.5\r\nContent-Length: 208\r\nAllow: ACK, BYE, 
>> CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER\r\nSupported: 
>> replaces\r\nContent-Type: application/sdp\r\n\r\nv=0\r\no=- 23895158 
>> 23895158 "..., len = -255}, params = {s = 0x803 <Address 0x803 out of 
>> bounds>, len = 7830104}, headers = {s = 0x20 <Address 0x20 out of 
>> bounds>, len = 332185056}, port_no = 40544, proto = 119, type = 
>> ERROR_URI_T, transport = {
>> s = 0x744cff "64.17.254.220:0 
>> <http://64.17.254.220:0>>\r\n\r\nServer: 
>> Linksys/SPA942-5.2.5\r\nContent-Length: 208\r\nAllow: ACK, BYE, 
>> CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER\r\nSupported: 
>> replaces\r\nContent-Type: application/sdp\r\n\r\nv=0\r\no=- 238"..., 
>> len = 7621879}, ttl = {s = 0x7 <Address 0x7 out of bounds>, len = 0}, 
>> user_param = {s = 0x0, len = 7621887}, maddr = {s = 0xd <Address 0xd 
>> out of bounds>, len = 7621901}, method = {s = 0x1 <Address 0x1 out of 
>> bounds>,
>> len = 0}, lr = {s = 0x0, len = 0}, r2 = {s = 0x0, len = 0}, 
>> transport_val = {s = 0x0, len = 0}, ttl_val = {s = 0x0, len = 0}, 
>> user_param_val = {s = 0x0, len = 0}, maddr_val = {s = 0x0, len = 0}, 
>> method_val = {s = 0x0,
>> len = 0}, lr_val = {s = 0x0, len = 0}, r2_val = {s = 0x0, len = 0}}
>> next_hop = {user = {s = 0x0, len = 7830280}, passwd = {s = 0x7792f8 
>> "\310Jt", len = 5}, host = {s = 0x15 <Address 0x15 out of bounds>, 
>> len = 32}, port = {s = 0x7fff1ec53030 "\300Jt", len = 4609174}, 
>> params = {s = 0x77f150 "\1",
>> len = 7621695}, headers = {s = 0x77aaf0 "\1", len = 7622283}, port_no 
>> = 0, proto = 0, type = ERROR_URI_T, transport = {s = 0x0, len = 54}, 
>> ttl = {s = 0x777ae8 "\2", len = 0}, user_param = {
>> s = 0x2 <Address 0x2 out of bounds>, len = 7836376}, maddr = {s = 
>> 0x7792d8 "\260\347^", len = 516239408}, method = {
>> s = 0x46dd4b 
>> "\211\303\351\303\366\377\377\273\377\377\377\377\351\271\366\377\377H\205\355\220t\a\307E\24\30", 
>> len = 516237904}, lr = {
>> s = 0x744d0e ">\r\n\r\nServer: 
>> Linksys/SPA942-5.2.5\r\nContent-Length: 208\r\nAllow: ACK, BYE, 
>> CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER\r\nSupported: 
>> replaces\r\nContent-Type: application/sdp\r\n\r\nv=0\r\no=- 23895158 
>> 23895158 "..., len = 516238264}, r2 = {s = 0x7fff1ec52c28 "", len = 
>> 516238280}, transport_val = {
>> s = 0x744cf3 "sip:VH35045 at 64.17.254.220:0 
>> <http://sip:VH35045@64.17.254.220:0>>\r\n\r\nServer: 
>> Linksys/SPA942-5.2.5\r\nContent-Length: 208\r\nAllow: ACK, BYE, 
>> CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER\r\nSupported: 
>> replaces\r\nContent-Type: application/sdp\r\n\r\n"..., len = 
>> 332185056}, ttl_val = {s = 0xd760 <Address 0xd760 out of bounds>, len 
>> = 516238328}, user_param_val = {s = 0x7fff1ec52c68 "\16", len = 
>> 516238312}, maddr_val = {s = 0x7fff1ec52c58 "\210yw", len = 516238344},
>> method_val = {s = 0x7fff1ec52c78 "ؒw", len = 516238360}, lr_val = {s 
>> = 0x419650 "I\211\304H\205\300\17\204}\1", len = 7836376}, r2_val = 
>> {s = 0x7792d8 "\260\347^", len = 516239408}}
>>
>>
>>
>> I can provide the rest on request, but in the message listed here, I 
>> do see a content length header in the parsed message.
>>
>> Thanks,
>>
>> Bobby Smith
> ------------------------------------------------------------------------
>
> _______________________________________________
> Devel mailing list
> Devel at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
>

More information about the Devel mailing list