[OpenSIPS-Devel] [ opensips-Bugs-2844261 ] db_mysql_val2bind: Segmentfault managing presence/XCAP

SourceForge.net noreply at sourceforge.net
Tue Aug 25 16:58:00 CEST 2009


Bugs item #2844261, was opened at 2009-08-25 16:30
Message generated for change (Comment added) made by ibc_sf
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=2844261&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: trunk
Status: Open
Resolution: None
>Priority: 4
Private: No
Submitted By: Iñaki Baz Castillo (ibc_sf)
Assigned to: Nobody/Anonymous (nobody)
Summary: db_mysql_val2bind: Segmentfault managing presence/XCAP

Initial Comment:
Scenario:

- alice allows bob in pres-rules.
- bob subscribes to alice and receives NOTIFY "active".
- "active_watches" and "watchers" contain an entry with status = 1.
- alice removes bob from pres-rules document.
- OpenSIPS crashes.



gdb backtrace:
-----------------------------------
#0  0x00007fe8b40a1ac9 in db_mysql_val2bind (v=0x7fffbce46cd0, binds=0x754630, i=<value optimized out>) at val.c:254
        t = <value optimized out>
        mt = <value optimized out>
        __FUNCTION__ = "db_mysql_val2bind"
#1  0x00007fe8b409d4c6 in db_mysql_do_prepared_query (conn=0x743a90, query=0x7fe8b42b46d0, v=0x7fffbce468c0, n=2, uv=0x7fffbce46c90, un=4) at dbase.c:446
        i = 2
        code = <value optimized out>
        cols = <value optimized out>
        pq_ptr = (struct prep_stmt *) 0x7545f0
        ctx = (struct my_stmt_ctx *) 0x754840
        mysql_bind = (MYSQL_BIND *) 0x754630
        __FUNCTION__ = "db_mysql_do_prepared_query"
#2  0x00007fe8b409ea7f in db_mysql_update (_h=0x743a90, _k=0x7fffbce46d50, _o=0x0, _v=0x7fffbce46c90, _uk=0x7fffbce46960, _uv=0x7fffbce468c0, _n=4, _un=2) at dbase.c:921
        ret = 0
#3  0x00007fe8b1983010 in pres_update_status (subs=
      {pres_uri = {s = 0x743eab "sip:bob at oversip.net\"\n\"presence\"\n\"0\"\n", len = 19}, to_user = {s = 0x48 <Address 0x48 out of bounds>, len = 7687880}, to_domain = {s = 0x3000000028 <Address 0x3000000028 out of bounds>, len = 9789856}, from_user = {s = 0x754038 "ibc�", len = 3}, from_domain = {s = 0x754070 "sipdoc.net", len = 10}, event = 0x7fe8a8bea908, event_id = {s = 0x7fe8b4536708 "�\226���H\2155T\177\n", len = 9768792}, to_tag = {s = 0x7fe8b480f9e0 "", len = 9768400}, from_tag = {s = 0x3c2 <Address 0x3c2 out of bounds>, len = 8}, callid = {s = 0x6e87a8 "\b�\221��\177", len = -1125880288}, sockinfo = 0x7fe8b4536a56, remote_cseq = 0, local_cseq = 0, contact = {s = 0x7fe8b480f9e0 "", len = 7501728}, local_contact = {s = 0x3c2 <Address 0x3c2 out of bounds>, len = 8}, record_route = {s = 0x6e87a8 "\b�\221��\177", len = -1125880288}, expires = 3025365590, status = 1, reason = {s = 0x0, len = 0}, version = -1315510560, db_flag = 155, auth_rules_doc = 0x754090, next = 0x1}, reason={s = 0x956202 "", len = 0}, query_cols=0x7fffbce46d50,
    query_vals=0x7fffbce46c90, n_query_cols=<value optimized out>, subs_array=0x7fffbce46dd0) at presence.c:652
        update_cols = {0x7fe8b1b9e470, 0x7fe8b1b9e480, 0x0, 0x7fe8b480f9e0, 0x7277a0}
        update_vals = {{type = DB_INT, nul = 0, free = 0, val = {int_val = 1, double_val = 4.9406564584124654e-324, time_val = 1, string_val = 0x1 <Address 0x1 out of bounds>,
      str_val = {s = 0x1 <Address 0x1 out of bounds>, len = 7684064}, blob_val = {s = 0x1 <Address 0x1 out of bounds>, len = 7684064}, bitmap_val = 1}}, {type = DB_STR, nul = 0,
    free = 7685368, val = {int_val = 0, double_val = 0, time_val = 0, string_val = 0x0, str_val = {s = 0x0, len = 0}, blob_val = {s = 0x0, len = 0}, bitmap_val = 0}}, {
    type = 81504, nul = 0, free = 9798048, val = {int_val = 9806208, double_val = 4.8449104887735986e-317, time_val = 9806208, string_val = 0x95a180 "\004\"���\177", str_val = {
        s = 0x95a180 "\004\"���\177", len = -1266615840}, blob_val = {s = 0x95a180 "\004\"���\177", len = -1266615840}, bitmap_val = 9806208}}, {type = 65152, nul = 0,
    free = -1269602552, val = {int_val = 9768792, double_val = 4.8264245285688025e-317, time_val = 9768792, string_val = 0x950f58 "�\220\225", str_val = {
        s = 0x950f58 "�\220\225", len = -1266615840}, blob_val = {s = 0x950f58 "�\220\225", len = -1266615840}, bitmap_val = 9768792}}, {type = 9768400, nul = 0, free = 7687952,
    val = {int_val = 7687896, double_val = 3.7983253024003359e-317, time_val = 7687896, string_val = 0x754ed8 "\002", str_val = {s = 0x754ed8 "\002", len = 3}, blob_val = {
        s = 0x754ed8 "\002", len = 3}, bitmap_val = 7687896}}}
        my_ps = (db_ps_t) 0x7545f0
        __FUNCTION__ = "pres_update_status"
#4  0x00007fe8b1984a2b in update_watchers_status (pres_uri={s = 0x743eab "sip:bob at oversip.net\"\n\"presence\"\n\"0\"\n", len = 19}, ev=0x7fe8a8bea908,
    rules_doc=<value optimized out>) at presence.c:884
        subs = {pres_uri = {s = 0x743eab "sip:bob at oversip.net\"\n\"presence\"\n\"0\"\n", len = 19}, to_user = {s = 0x48 <Address 0x48 out of bounds>, len = 7687880}, to_domain = {
    s = 0x3000000028 <Address 0x3000000028 out of bounds>, len = 9789856}, from_user = {s = 0x754038 "ibc�", len = 3}, from_domain = {s = 0x754070 "sipdoc.net", len = 10},
  event = 0x7fe8a8bea908, event_id = {s = 0x7fe8b4536708 "�\226���H\2155T\177\n", len = 9768792}, to_tag = {s = 0x7fe8b480f9e0 "", len = 9768400}, from_tag = {
    s = 0x3c2 <Address 0x3c2 out of bounds>, len = 8}, callid = {s = 0x6e87a8 "\b�\221��\177", len = -1125880288}, sockinfo = 0x7fe8b4536a56, remote_cseq = 0, local_cseq = 0,
  contact = {s = 0x7fe8b480f9e0 "", len = 7501728}, local_contact = {s = 0x3c2 <Address 0x3c2 out of bounds>, len = 8}, record_route = {s = 0x6e87a8 "\b�\221��\177",
    len = -1125880288}, expires = 3025365590, status = 2, reason = {s = 0x0, len = 0}, version = -1315510560, db_flag = 155, auth_rules_doc = 0x754090, next = 0x1}
        query_cols = {0x7fe8b1b9e4c0, 0x7fe8b1b9e3d0, 0x7fe8b1b9e3a0, 0x7fe8b1b9e3b0, 0x7fe8b196e650, 0x7fe8b196e640}
        result_cols = {0x7fe8b1b9e470, 0x7fe8b1b9e480, 0x7fe8b1b9e3a0, 0x7fe8b1b9e3b0, 0x7fe8b196e620}
        query_vals = {{type = DB_STR, nul = 0, free = 7243688, val = {int_val = 7618219, double_val = 3.7639002903950554e-317, time_val = 7618219,
      string_val = 0x743eab "sip:bob at oversip.net\"\n\"presence\"\n\"0\"\n", str_val = {s = 0x743eab "sip:bob at oversip.net\"\n\"presence\"\n\"0\"\n", len = 19}, blob_val = {
        s = 0x743eab "sip:bob at oversip.net\"\n\"presence\"\n\"0\"\n", len = 19}, bitmap_val = 7618219}}, {type = DB_STR, nul = 0, free = -1125880432, val = {int_val = -1463899736,
      double_val = 6.9484028912589328e-310, time_val = 140637240207784, string_val = 0x7fe8a8bea9a8 "presence ", str_val = {s = 0x7fe8a8bea9a8 "presence ", len = 8}, blob_val = {
        s = 0x7fe8a8bea9a8 "presence ", len = 8}, bitmap_val = 2831067560}}, {type = DB_STR, nul = 0, free = 4706946, val = {int_val = 7684152,
      double_val = 3.7964755206223063e-317, time_val = 7684152, string_val = 0x754038 "ibc�", str_val = {s = 0x754038 "ibc�", len = 3}, blob_val = {s = 0x754038 "ibc�", len = 3},
      bitmap_val = 7684152}}, {type = DB_STR, nul = 0, free = 101, val = {int_val = 7684208, double_val = 3.7965031882984734e-317, time_val = 7684208,
      string_val = 0x754070 "sipdoc.net", str_val = {s = 0x754070 "sipdoc.net", len = 10}, blob_val = {s = 0x754070 "sipdoc.net", len = 10}, bitmap_val = 7684208}}, {
    type = DB_INT, nul = 0, free = 7683888, val = {int_val = 2, double_val = 9.8813129168249309e-324, time_val = 2, string_val = 0x2 <Address 0x2 out of bounds>, str_val = {
        s = 0x2 <Address 0x2 out of bounds>, len = 7618237}, blob_val = {s = 0x2 <Address 0x2 out of bounds>, len = 7618237}, bitmap_val = 2}}, {type = 7683680, nul = 0,
    free = -1269247584, val = {int_val = 40, double_val = 4.03179200481028e-313, time_val = 81604378664, string_val = 0x1300000028 <Address 0x1300000028 out of bounds>,
     str_val = {s = 0x1300000028 <Address 0x1300000028 out of bounds>, len = 0}, blob_val = {s = 0x1300000028 <Address 0x1300000028 out of bounds>, len = 0}, bitmap_val = 40}}}
        result = (db_res_t *) 0x0
        row_vals = <value optimized out>
        i = 0
        reason = {s = 0x956202 "", len = 0}
        subs_array = (subs_t *) 0x0
        s = <value optimized out>
        hash_code = <value optimized out>
        err_ret = <value optimized out>
        n = 1
        watchers = <value optimized out>
        ws_list = (ws_t *) 0x754ed8
        __FUNCTION__ = "update_watchers_status"
#5  0x00007fe8b1985188 in mi_refreshWatchers (cmd=<value optimized out>, param=<value optimized out>) at presence.c:532
        node = <value optimized out>
        pres_uri = {s = 0x743eab "sip:bob at oversip.net\"\n\"presence\"\n\"0\"\n", len = 19}
        event = {s = 0x743ec1 "presence\"\n\"0\"\n", len = 8}
        uri = {user = {s = 0x743eaf "bob at oversip.net\"\n\"presence\"\n\"0\"\n", len = 3}, passwd = {s = 0x0, len = 0}, host = {
    s = 0x743eb3 "oversip.net\"\n\"presence\"\n\"0\"\n", len = 11}, port = {s = 0x0, len = 0}, params = {s = 0x0, len = 0}, headers = {s = 0x0, len = 0}, port_no = 0, proto = 0,
  type = SIP_URI_T, transport = {s = 0x0, len = 0}, ttl = {s = 0x0, len = 0}, user_param = {s = 0x0, len = 0}, maddr = {s = 0x0, len = 0}, method = {s = 0x0, len = 0}, lr = {
    s = 0x0, len = 0}, r2 = {s = 0x0, len = 0}, transport_val = {s = 0x0, len = 0}, ttl_val = {s = 0x0, len = 0}, user_param_val = {s = 0x0, len = 0}, maddr_val = {s = 0x0,
    len = 0}, method_val = {s = 0x0, len = 0}, lr_val = {s = 0x0, len = 0}, r2_val = {s = 0x0, len = 0}}
        ev = (pres_ev_t *) 0x7fe8a8bea908
        rules_doc = (str *) 0x754090
        result = 0
        refresh_type = 0
        __FUNCTION__ = "mi_refreshWatchers"
#6  0x00007fe8b42b8591 in mi_datagram_server (rx_sock=17, tx_sock=18) at ../../mi/mi.h:104
        mi_cmd = (struct mi_root *) 0x753e60
        mi_rpl = (struct mi_root *) 0x754488
        hdl = (struct mi_handler *) 0x0
        f = (struct mi_cmd *) 0x72ff90
        dtgram = {start = 0x743e98 ":refreshWatchers", current = 0x743ece "\n", len = 1}
        ret = <value optimized out>
        __FUNCTION__ = "mi_datagram_server"
#7  0x00007fe8b42ba168 in datagram_process (rank=0) at mi_datagram.c:310
        __FUNCTION__ = "datagram_process"
#8  0x0000000000458de9 in start_module_procs () at sr_module.c:585
        m = (struct sr_module *) 0x730600
        n = 0
        l = 0
        x = <value optimized out>
        __FUNCTION__ = "start_module_procs"
#9  0x000000000042343d in main (argc=<value optimized out>, argv=0x7fffbce47238) at main.c:837
        cfg_log_stderr = <value optimized out>
        cfg_stream = (FILE *) 0x0
        c = <value optimized out>
        r = 8
        tmp = 0x7fffbce47a21 ""
        tmp_len = <value optimized out>
        port = <value optimized out>
        proto = <value optimized out>
        ret = <value optimized out>
        seed = 1695407668
        rfd = <value optimized out>

[...]
--------------------------

----------------------------------------------------------------------

>Comment By: Iñaki Baz Castillo (ibc_sf)
Date: 2009-08-25 16:58

Message:
The error is 100% reproducible.

----------------------------------------------------------------------

Comment By: Iñaki Baz Castillo (ibc_sf)
Date: 2009-08-25 16:38

Message:
Sorry, the scenario is the following (two crashes confirmed):

- alice allows bob in pres-rules.
 - bob subscribes to alice and receives NOTIFY "active".
 - "active_watches" and "watchers" contain an entry with status = 1.
 - alice removes bob from pres-rules document.
- OpenSIPS sends NOTIFY "terminated;deactivated".
- bob subscribes again and OpenSIPS replies NOTIFY "pending".
 - "active_watches" and "watchers" contain an entry with status = 2.
- alice allows bob again in pres-rules.
 - OpenSIPS crashes.
 

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=2844261&group_id=232389



More information about the Devel mailing list