[OpenSIPS-Devel] tm msg_cb bug in failure route

Kennard_White at logitech.com Kennard_White at logitech.com
Fri Aug 20 23:13:18 CEST 2010



Hi,

There is a segfault bug in HEAD opensips (and probably earlier versions)
related to the msg_cb feature and failure route processing by tm. When a
message is cloned into shared memory, the msg_cb field is not zeroed. If a
failure branch adds more branches (as in 302 redirect handling), then the
msg_cb list is traversed again. Since this happens in different process
than original request process, the pointers are bogus and yield segfault.

Fix (including more things) are uploaded as part of patch 3047314

Regards,
Kennard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/devel/attachments/20100820/58b1e3b7/attachment.htm 


More information about the Devel mailing list