[OpenSIPS-Devel] [ opensips-Bugs-2921180 ] 1.6.1 crash at free_params

SourceForge.net noreply at sourceforge.net
Tue Dec 29 17:39:58 CET 2009


Bugs item #2921180, was opened at 2009-12-25 20:43
Message generated for change (Comment added) made by kriborgen
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=2921180&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: core
Group: 1.6.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Kristian Borgen (kriborgen)
Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: 1.6.1 crash at free_params

Initial Comment:
One out of five times opensips crashes after cancelling an invite, always at free_contenttype -> free_params, with dbg msg "DBG:tm:clean_msg_clone: removing hdr->parsed 12".

----------------------------------------------------------------------

>Comment By: Kristian Borgen (kriborgen)
Date: 2009-12-29 17:39

Message:
I call nat_uac_test and has_body from request route.
Core output without optimization is attached. If you want the full core
dump, please tell me where to upload it; I can't get it below 256k so it
can be uploaded here.

----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2009-12-29 16:40

Message:
Hi Kristian,

Where do you call (for request) the nathelper and textops functions that
trigger the parsing of the content-type hdr? In request route? Branch route?
Failure?
I'm trying to reproduce this to get to the bottom of it.

BTW, any chance to get access to the core file to inspect it?

Regards,
Bogdan

----------------------------------------------------------------------

Comment By: Kristian Borgen (kriborgen)
Date: 2009-12-29 01:02

Message:
I think I found the problem: in my case nathelper and textops functions
parse the body and set msg->content_type->parsed, which points outside the
uas.request memory chunk as it always has, but in 1.6.1 someone has added
HDR_CONTENTTYPE_T to hdr_allocs_parse and clean_msg_clone now tries to free
this memory, where param->next sometimes has an illegal pointer.

----------------------------------------------------------------------

Comment By: Kristian Borgen (kriborgen)
Date: 2009-12-27 11:25

Message:
Sorry for not being too clear. I use the 1.6.1-notls release running on
Debian etch and my client is a snom 190, if it is of any difference. I did
some more debugging and noticed that the crash only happens when msg->multi
is set when reaching clean_msg_clone; if I add a check for msg->multi &&
hdr->type == 12 and don't call clean_hdr_field if true, then I don't see any
crashes.

----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2009-12-27 10:38

Message:
What opensips revision are you using?

Regards,
Bogdan

----------------------------------------------------------------------
