[OpenSIPS-Devel] [ opensips-Bugs-3011765 ] segfault in xmlrpc
SourceForge.net
noreply at sourceforge.net
Tue Jul 13 10:42:15 CEST 2010
Bugs item #3011765, was opened at 2010-06-05 13:39
Message generated for change (Comment added) made by bogdan_iancu
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3011765&group_id=232389
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: 1.6.x
Status: Open
>Resolution: Invalid
Priority: 5
Private: No
Submitted By: Flavio Goncalves (flaviogoncalves)
>Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: segfault in xmlrpc
Initial Comment:
OpenSIPS 1.6.2 is segfaulting in the xmlrpc module. It seems to be corrupting some of the fields.
Backtrace #1
[New process 23293]
[New process 19097]
#0 0x080ee388 in fm_malloc (qm=0x81bfcc0, size=<value optimized out>)
at mem/f_malloc.c:172
172 *pf=n->u.nxt_free;
(gdb) backtrace
#0 0x080ee388 in fm_malloc (qm=0x81bfcc0, size=<value optimized out>)
at mem/f_malloc.c:172
#1 0x08133800 in init_mi_tree (code=200, reason=0x320eb5 "OK", reason_len=2)
at mi/tree.c:53
#2 0x003153f9 in mi_profile_list (cmd_tree=0x81f283c, param=0x0)
at dlg_profile.c:835
#3 0x007a82d2 in default_method (env=0x77fa61b4, host=0x0,
methodName=0x9f59ed0 "profile_list_dlgs", paramArray=0x9f57218,
serverInfo=0x0) at ../../mi/mi.h:104
#4 0x002cefbd in xmlrpc_dispatchCall (envP=0x77fa61b4, registryP=0x9f3af48,
methodName=0x9f59ed0 "profile_list_dlgs", paramArrayP=0x9f57218,
resultPP=0x77fa61c0) at registry.c:321
#5 0x002cf1a7 in xmlrpc_registry_process_call (envP=0x77fa6220,
registryP=0x9f3af48, host=0x0,
xml_data=0x9f587c8 "<?xml version=\"1.0\" encoding=\"UTF-8\"?><methodCall><methodName>profile_list_dlgs</methodName><params><param><value>pstn</value></param></params></methodCall>net.br</value></param></params></methodCall>"...,
xml_len=156) at registry.c:432
#6 0x002cc79b in handleXmlrpcReq (this=0x9f3c838, abyssSessionP=0x77fa6270,
handledP=0x77fa6328) at xmlrpc_server_abyss.c:382
#7 0x00360ce0 in serverFunc (userHandle=0x9f56180) at server.c:1048
#8 0x0035c7d0 in connJob (userHandle=0x9f56180) at conn.c:35
#9 0x00364592 in pthreadStart (arg=0x9f58390) at thread_pthread.c:47
---Type <return> to continue, or q <return> to quit---
#10 0x0036c73b in start_thread () from /lib/libpthread.so.0
#11 0x00acacfe in clone () from /lib/libc.so.6
The parameter net.br was never sent in the xml request (The domain is airtel.net.br)
Backtrace #2
#0 0x080ee388 in fm_malloc (qm=0x81bfcc0, size=<value optimized out>)
at mem/f_malloc.c:172
#1 0x0812f8af in add_mi_attr (node=0x81f2814, flags=<value optimized out>,
name=0x81717c8 "ID", name_len=2, value=0x81bfc9c "0", value_len=1)
at mi/attr.c:78
#2 0x08132c67 in mi_ps (cmd=0x0, param=0x0) at mi/mi_core.c:252
#3 0x0022d2d2 in default_method (env=0x77f1f1b4, host=0x0,
methodName=0x860bb40 "ps", paramArray=0x860c7b8, serverInfo=0x0)
at ../../mi/mi.h:104
#4 0x00f15fbd in xmlrpc_dispatchCall (envP=0x77f1f1b4, registryP=0x85ed8a8,
methodName=0x860bb40 "ps", paramArrayP=0x860c7b8, resultPP=0x77f1f1c0)
at registry.c:321
#5 0x00f161a7 in xmlrpc_registry_process_call (envP=0x77f1f220,
registryP=0x85ed8a8, host=0x0,
xml_data=0x860d750 "<?xml version=\"1.0\" encoding=\"UTF-8\"?><methodCall><methodName>ps</methodName><params/></methodCall>dName><params/></methodCall>\betho9", xml_len=99) at registry.c:432
#6 0x0074b79b in handleXmlrpcReq (this=0x85eec40, abyssSessionP=0x77f1f270,
handledP=0x77f1f328) at xmlrpc_server_abyss.c:382
#7 0x0023ace0 in serverFunc (userHandle=0x860a7d0) at server.c:1048
#8 0x002367d0 in connJob (userHandle=0x860a7d0) at conn.c:35
#9 0x0023e592 in pthreadStart (arg=0x86084a0) at thread_pthread.c:47
#10 0x00b4c73b in start_thread () from /lib/libpthread.so.0
In the backtrace #2 the parameter betho9 was never sent with the command but appeared in the log. This is something that call my attention.
----------------------------------------------------------------------
>Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2010-07-13 11:42
Message:
Hi Flavio,
I suspect it is related to the way the libxmlrpc-c3 lib was compiled (like
having threading support instead of forking/processes support) -> this may
lead to concurrent unprotected access to memory data.
Did you installed the xmlrpc lib from packages or did you compiled by
yourself ?
Regards,
Bogdan
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3011765&group_id=232389
More information about the Devel
mailing list