[OpenSIPS-Devel] [ opensips-Bugs-2844261 ] db_mysql_val2bind: Segmentfault managing presence/XCAP
SourceForge.net
noreply at sourceforge.net
Tue Aug 25 16:58:00 CEST 2009
Bugs item #2844261, was opened at 2009-08-25 16:30
Message generated for change (Comment added) made by ibc_sf
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=2844261&group_id=232389
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: trunk
Status: Open
Resolution: None
>Priority: 4
Private: No
Submitted By: Iñaki Baz Castillo (ibc_sf)
Assigned to: Nobody/Anonymous (nobody)
Summary: db_mysql_val2bind: Segmentfault managing presence/XCAP
Initial Comment:
Scenario:
- alice allows bob in pres-rules.
- bob subscribes to alice and receives NOTIFY "active".
- "active_watches" and "watchers" contain an entry with status = 1.
- alice removes bob from pres-rules document.
- OpenSIPS crashes.
gdb backtrace:
-----------------------------------
#0 0x00007fe8b40a1ac9 in db_mysql_val2bind (v=0x7fffbce46cd0, binds=0x754630, i=<value optimized out>) at val.c:254
t = <value optimized out>
mt = <value optimized out>
__FUNCTION__ = "db_mysql_val2bind"
#1 0x00007fe8b409d4c6 in db_mysql_do_prepared_query (conn=0x743a90, query=0x7fe8b42b46d0, v=0x7fffbce468c0, n=2, uv=0x7fffbce46c90, un=4) at dbase.c:446
i = 2
code = <value optimized out>
cols = <value optimized out>
pq_ptr = (struct prep_stmt *) 0x7545f0
ctx = (struct my_stmt_ctx *) 0x754840
mysql_bind = (MYSQL_BIND *) 0x754630
__FUNCTION__ = "db_mysql_do_prepared_query"
#2 0x00007fe8b409ea7f in db_mysql_update (_h=0x743a90, _k=0x7fffbce46d50, _o=0x0, _v=0x7fffbce46c90, _uk=0x7fffbce46960, _uv=0x7fffbce468c0, _n=4, _un=2) at dbase.c:921
ret = 0
#3 0x00007fe8b1983010 in pres_update_status (subs=
{pres_uri = {s = 0x743eab "sip:bob at oversip.net\"\n\"presence\"\n\"0\"\n", len = 19}, to_user = {s = 0x48 <Address 0x48 out of bounds>, len = 7687880}, to_domain = {s = 0x3000000028 <Address 0x3000000028 out of bounds>, len = 9789856}, from_user = {s = 0x754038 "ibc�", len = 3}, from_domain = {s = 0x754070 "sipdoc.net", len = 10}, event = 0x7fe8a8bea908, event_id = {s = 0x7fe8b4536708 "�\226���H\2155T\177\n", len = 9768792}, to_tag = {s = 0x7fe8b480f9e0 "", len = 9768400}, from_tag = {s = 0x3c2 <Address 0x3c2 out of bounds>, len = 8}, callid = {s = 0x6e87a8 "\b�\221��\177", len = -1125880288}, sockinfo = 0x7fe8b4536a56, remote_cseq = 0, local_cseq = 0, contact = {s = 0x7fe8b480f9e0 "", len = 7501728}, local_contact = {s = 0x3c2 <Address 0x3c2 out of bounds>, len = 8}, record_route = {s = 0x6e87a8 "\b�\221��\177", len = -1125880288}, expires = 3025365590, status = 1, reason = {s = 0x0, len = 0}, version = -1315510560, db_flag = 155, auth_rules_doc = 0x754090, next = 0x1}, reason={s = 0x956202 "", len = 0}, query_cols=0x7fffbce46d50,
query_vals=0x7fffbce46c90, n_query_cols=<value optimized out>, subs_array=0x7fffbce46dd0) at presence.c:652
update_cols = {0x7fe8b1b9e470, 0x7fe8b1b9e480, 0x0, 0x7fe8b480f9e0, 0x7277a0}
update_vals = {{type = DB_INT, nul = 0, free = 0, val = {int_val = 1, double_val = 4.9406564584124654e-324, time_val = 1, string_val = 0x1 <Address 0x1 out of bounds>,
str_val = {s = 0x1 <Address 0x1 out of bounds>, len = 7684064}, blob_val = {s = 0x1 <Address 0x1 out of bounds>, len = 7684064}, bitmap_val = 1}}, {type = DB_STR, nul = 0,
free = 7685368, val = {int_val = 0, double_val = 0, time_val = 0, string_val = 0x0, str_val = {s = 0x0, len = 0}, blob_val = {s = 0x0, len = 0}, bitmap_val = 0}}, {
type = 81504, nul = 0, free = 9798048, val = {int_val = 9806208, double_val = 4.8449104887735986e-317, time_val = 9806208, string_val = 0x95a180 "\004\"���\177", str_val = {
s = 0x95a180 "\004\"���\177", len = -1266615840}, blob_val = {s = 0x95a180 "\004\"���\177", len = -1266615840}, bitmap_val = 9806208}}, {type = 65152, nul = 0,
free = -1269602552, val = {int_val = 9768792, double_val = 4.8264245285688025e-317, time_val = 9768792, string_val = 0x950f58 "�\220\225", str_val = {
s = 0x950f58 "�\220\225", len = -1266615840}, blob_val = {s = 0x950f58 "�\220\225", len = -1266615840}, bitmap_val = 9768792}}, {type = 9768400, nul = 0, free = 7687952,
val = {int_val = 7687896, double_val = 3.7983253024003359e-317, time_val = 7687896, string_val = 0x754ed8 "\002", str_val = {s = 0x754ed8 "\002", len = 3}, blob_val = {
s = 0x754ed8 "\002", len = 3}, bitmap_val = 7687896}}}
my_ps = (db_ps_t) 0x7545f0
__FUNCTION__ = "pres_update_status"
#4 0x00007fe8b1984a2b in update_watchers_status (pres_uri={s = 0x743eab "sip:bob at oversip.net\"\n\"presence\"\n\"0\"\n", len = 19}, ev=0x7fe8a8bea908,
rules_doc=<value optimized out>) at presence.c:884
subs = {pres_uri = {s = 0x743eab "sip:bob at oversip.net\"\n\"presence\"\n\"0\"\n", len = 19}, to_user = {s = 0x48 <Address 0x48 out of bounds>, len = 7687880}, to_domain = {
s = 0x3000000028 <Address 0x3000000028 out of bounds>, len = 9789856}, from_user = {s = 0x754038 "ibc�", len = 3}, from_domain = {s = 0x754070 "sipdoc.net", len = 10},
event = 0x7fe8a8bea908, event_id = {s = 0x7fe8b4536708 "�\226���H\2155T\177\n", len = 9768792}, to_tag = {s = 0x7fe8b480f9e0 "", len = 9768400}, from_tag = {
s = 0x3c2 <Address 0x3c2 out of bounds>, len = 8}, callid = {s = 0x6e87a8 "\b�\221��\177", len = -1125880288}, sockinfo = 0x7fe8b4536a56, remote_cseq = 0, local_cseq = 0,
contact = {s = 0x7fe8b480f9e0 "", len = 7501728}, local_contact = {s = 0x3c2 <Address 0x3c2 out of bounds>, len = 8}, record_route = {s = 0x6e87a8 "\b�\221��\177",
len = -1125880288}, expires = 3025365590, status = 2, reason = {s = 0x0, len = 0}, version = -1315510560, db_flag = 155, auth_rules_doc = 0x754090, next = 0x1}
query_cols = {0x7fe8b1b9e4c0, 0x7fe8b1b9e3d0, 0x7fe8b1b9e3a0, 0x7fe8b1b9e3b0, 0x7fe8b196e650, 0x7fe8b196e640}
result_cols = {0x7fe8b1b9e470, 0x7fe8b1b9e480, 0x7fe8b1b9e3a0, 0x7fe8b1b9e3b0, 0x7fe8b196e620}
query_vals = {{type = DB_STR, nul = 0, free = 7243688, val = {int_val = 7618219, double_val = 3.7639002903950554e-317, time_val = 7618219,
string_val = 0x743eab "sip:bob at oversip.net\"\n\"presence\"\n\"0\"\n", str_val = {s = 0x743eab "sip:bob at oversip.net\"\n\"presence\"\n\"0\"\n", len = 19}, blob_val = {
s = 0x743eab "sip:bob at oversip.net\"\n\"presence\"\n\"0\"\n", len = 19}, bitmap_val = 7618219}}, {type = DB_STR, nul = 0, free = -1125880432, val = {int_val = -1463899736,
double_val = 6.9484028912589328e-310, time_val = 140637240207784, string_val = 0x7fe8a8bea9a8 "presence ", str_val = {s = 0x7fe8a8bea9a8 "presence ", len = 8}, blob_val = {
s = 0x7fe8a8bea9a8 "presence ", len = 8}, bitmap_val = 2831067560}}, {type = DB_STR, nul = 0, free = 4706946, val = {int_val = 7684152,
double_val = 3.7964755206223063e-317, time_val = 7684152, string_val = 0x754038 "ibc�", str_val = {s = 0x754038 "ibc�", len = 3}, blob_val = {s = 0x754038 "ibc�", len = 3},
bitmap_val = 7684152}}, {type = DB_STR, nul = 0, free = 101, val = {int_val = 7684208, double_val = 3.7965031882984734e-317, time_val = 7684208,
string_val = 0x754070 "sipdoc.net", str_val = {s = 0x754070 "sipdoc.net", len = 10}, blob_val = {s = 0x754070 "sipdoc.net", len = 10}, bitmap_val = 7684208}}, {
type = DB_INT, nul = 0, free = 7683888, val = {int_val = 2, double_val = 9.8813129168249309e-324, time_val = 2, string_val = 0x2 <Address 0x2 out of bounds>, str_val = {
s = 0x2 <Address 0x2 out of bounds>, len = 7618237}, blob_val = {s = 0x2 <Address 0x2 out of bounds>, len = 7618237}, bitmap_val = 2}}, {type = 7683680, nul = 0,
free = -1269247584, val = {int_val = 40, double_val = 4.03179200481028e-313, time_val = 81604378664, string_val = 0x1300000028 <Address 0x1300000028 out of bounds>,
str_val = {s = 0x1300000028 <Address 0x1300000028 out of bounds>, len = 0}, blob_val = {s = 0x1300000028 <Address 0x1300000028 out of bounds>, len = 0}, bitmap_val = 40}}}
result = (db_res_t *) 0x0
row_vals = <value optimized out>
i = 0
reason = {s = 0x956202 "", len = 0}
subs_array = (subs_t *) 0x0
s = <value optimized out>
hash_code = <value optimized out>
err_ret = <value optimized out>
n = 1
watchers = <value optimized out>
ws_list = (ws_t *) 0x754ed8
__FUNCTION__ = "update_watchers_status"
#5 0x00007fe8b1985188 in mi_refreshWatchers (cmd=<value optimized out>, param=<value optimized out>) at presence.c:532
node = <value optimized out>
pres_uri = {s = 0x743eab "sip:bob at oversip.net\"\n\"presence\"\n\"0\"\n", len = 19}
event = {s = 0x743ec1 "presence\"\n\"0\"\n", len = 8}
uri = {user = {s = 0x743eaf "bob at oversip.net\"\n\"presence\"\n\"0\"\n", len = 3}, passwd = {s = 0x0, len = 0}, host = {
s = 0x743eb3 "oversip.net\"\n\"presence\"\n\"0\"\n", len = 11}, port = {s = 0x0, len = 0}, params = {s = 0x0, len = 0}, headers = {s = 0x0, len = 0}, port_no = 0, proto = 0,
type = SIP_URI_T, transport = {s = 0x0, len = 0}, ttl = {s = 0x0, len = 0}, user_param = {s = 0x0, len = 0}, maddr = {s = 0x0, len = 0}, method = {s = 0x0, len = 0}, lr = {
s = 0x0, len = 0}, r2 = {s = 0x0, len = 0}, transport_val = {s = 0x0, len = 0}, ttl_val = {s = 0x0, len = 0}, user_param_val = {s = 0x0, len = 0}, maddr_val = {s = 0x0,
len = 0}, method_val = {s = 0x0, len = 0}, lr_val = {s = 0x0, len = 0}, r2_val = {s = 0x0, len = 0}}
ev = (pres_ev_t *) 0x7fe8a8bea908
rules_doc = (str *) 0x754090
result = 0
refresh_type = 0
__FUNCTION__ = "mi_refreshWatchers"
#6 0x00007fe8b42b8591 in mi_datagram_server (rx_sock=17, tx_sock=18) at ../../mi/mi.h:104
mi_cmd = (struct mi_root *) 0x753e60
mi_rpl = (struct mi_root *) 0x754488
hdl = (struct mi_handler *) 0x0
f = (struct mi_cmd *) 0x72ff90
dtgram = {start = 0x743e98 ":refreshWatchers", current = 0x743ece "\n", len = 1}
ret = <value optimized out>
__FUNCTION__ = "mi_datagram_server"
#7 0x00007fe8b42ba168 in datagram_process (rank=0) at mi_datagram.c:310
__FUNCTION__ = "datagram_process"
#8 0x0000000000458de9 in start_module_procs () at sr_module.c:585
m = (struct sr_module *) 0x730600
n = 0
l = 0
x = <value optimized out>
__FUNCTION__ = "start_module_procs"
#9 0x000000000042343d in main (argc=<value optimized out>, argv=0x7fffbce47238) at main.c:837
cfg_log_stderr = <value optimized out>
cfg_stream = (FILE *) 0x0
c = <value optimized out>
r = 8
tmp = 0x7fffbce47a21 ""
tmp_len = <value optimized out>
port = <value optimized out>
proto = <value optimized out>
ret = <value optimized out>
seed = 1695407668
rfd = <value optimized out>
[...]
--------------------------
----------------------------------------------------------------------
>Comment By: Iñaki Baz Castillo (ibc_sf)
Date: 2009-08-25 16:58
Message:
The error is 100% reproducible.
----------------------------------------------------------------------
Comment By: Iñaki Baz Castillo (ibc_sf)
Date: 2009-08-25 16:38
Message:
Sorry, the scenario is the following (two crashes confirmed):
- alice allows bob in pres-rules.
- bob subscribes to alice and receives NOTIFY "active".
- "active_watches" and "watchers" contain an entry with status = 1.
- alice removes bob from pres-rules document.
- OpenSIPS sends NOTIFY "terminated;deactivated".
- bob subscribes again and OpenSIPS replies NOTIFY "pending".
- "active_watches" and "watchers" contain an entry with status = 2.
- alice allows bob again in pres-rules.
- OpenSIPS crashes.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=2844261&group_id=232389
More information about the Devel
mailing list