[OpenSIPS-Devel] [ opensips-Bugs-3033111 ] pua_dialoginfo crashes when using calle?_spec_param
SourceForge.net
noreply at sourceforge.net
Thu Jul 22 19:35:02 CEST 2010
Bugs item #3033111, was opened at 2010-07-22 18:29
Message generated for change (Comment added) made by bogdan_iancu
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3033111&group_id=232389
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: trunk
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Stanislaw Pitucha (viraptor)
>Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: pua_dialoginfo crashes when using calle?_spec_param
Initial Comment:
If I try to use own parameters, I'm get the following log (starts at assigning to spec_param, then dialoginfo_set("B")):
Jul 22 16:22:37 v-test-sip-1 opensips[15132]: DBG:core:pv_get_xto_attr: no Display name
Jul 22 16:22:37 v-test-sip-1 opensips[15132]: DBG:core:dialoginfo_set: new INVITE dialog created: from=sip:2433237 at devsip.gradwell.net
Jul 22 16:22:37 v-test-sip-1 opensips[15132]: DBG:core:parse_to: spitting out [2] in status 2
Jul 22 16:22:37 v-test-sip-1 opensips[15132]: DBG:core:dialoginfo_set: caller: ""2433237"" <sip:2433237 at devsip.gradwell.net>^M - len= 47
Jul 22 16:22:37 v-test-sip-1 opensips[15132]: DBG:core:new_dlg_val: inserting <dlg_entity>=<""2433237"" <sip:2433237 at devsip.gradwell.net>^M >
Jul 22 16:22:37 v-test-sip-1 opensips[15132]: DBG:core:dialoginfo_set: Peer uri = " <sip:2433238 at devsip.gradwell.net>^M
Jul 22 16:22:37 v-test-sip-1 opensips[15132]: ERROR:core:parse_to: unexpected char [^M] in status 1: <<" <sip:2433238 at devsip.gradwell.net>>> .
Jul 22 16:22:37 v-test-sip-1 opensips[15132]: DBG:core:new_dlg_val: inserting <dlg_peer>=<" <sip:2433238 at devsip.gradwell.net>^M >
Jul 22 16:22:37 v-test-sip-1 opensips[15132]: DBG:core:new_dlg_val: inserting <dlginfo_flag>=<B>
Jul 22 16:22:37 v-test-sip-1 opensips[15134]: DBG:core:utimer_routine: timer routine:4,tl=0xb01b0bd0 next=(nil), timeout=137900000
Jul 22 16:22:37 v-test-sip-1 opensips[15134]: DBG:core:utimer_routine: timer routine:4,tl=0xb01b3414 next=0xb01acb68, timeout=138000000
Jul 22 16:22:37 v-test-sip-1 opensips[15134]: DBG:core:utimer_routine: timer routine:4,tl=0xb01acb68 next=(nil), timeout=138000000
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: INFO:core:handle_sigs: child process 15132 exited by a signal 11
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: INFO:core:handle_sigs: core was generated
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: INFO:core:handle_sigs: terminating due to SIGCHLD
Jul 22 16:22:38 v-test-sip-1 opensips[15139]: INFO:core:sig_usr: signal 15 received
Jul 22 16:22:38 v-test-sip-1 opensips[15138]: INFO:core:sig_usr: signal 15 received
Jul 22 16:22:38 v-test-sip-1 opensips[15137]: INFO:core:sig_usr: signal 15 received
Jul 22 16:22:38 v-test-sip-1 opensips[15136]: INFO:core:sig_usr: signal 15 received
Jul 22 16:22:38 v-test-sip-1 opensips[15134]: INFO:core:sig_usr: signal 15 received
Jul 22 16:22:38 v-test-sip-1 opensips[15133]: INFO:core:sig_usr: signal 15 received
Jul 22 16:22:38 v-test-sip-1 opensips[15130]: INFO:core:sig_usr: signal 15 received
Jul 22 16:22:38 v-test-sip-1 opensips[15129]: INFO:core:sig_usr: signal 15 received
Jul 22 16:22:38 v-test-sip-1 opensips[15135]: INFO:core:sig_usr: signal 15 received
Jul 22 16:22:38 v-test-sip-1 opensips[15131]: INFO:core:sig_usr: signal 15 received
Jul 22 16:22:38 v-test-sip-1 opensips[15140]: INFO:core:sig_usr: signal 15 received
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: DBG:core:destroy: destroying module ...
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: INFO:core:pike_exit: destroying...
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: DBG:core:destroy: destroying module ...
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: DBG:core:destroy: destroying module ...
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: DBG:core:print_ua_pres: pres_uri= sip:2433237 at devsip.gradwell.net len= 31
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: DBG:core:print_ua_pres: etag= a.1279803218.13090.9.17 - len= 23
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: DBG:core:print_ua_pres: id= DIALOG_PUBLISH
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: DBG:core:print_ua_pres: expires= 3599
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: DBG:core:db_update: --------
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: DBG:core:db_update: UPDATEDB_FLAG
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: DBG:core:db_update: Updating:n_query_update= 3 n_update_cols= 4
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: DBG:core:pool_remove: connection still kept in the pool
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: DBG:core:destroy: start
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: DBG:core:pool_remove: connection still kept in the pool
Jul 22 16:22:38 v-test-sip-1 opensips[15128]: NOTICE:core:destroy: destroy module ...
It seems to be some kind of memory corruption, because the stack is destroyed and entity somehow was dereferenced on line 253, even though it's NULL:
#0 0x001b43b8 in build_dialoginfo (state=0x100a0 <Address 0x100a0 out of bounds>, entity=0x0, peer=0x24880000, callid=0xeb7811d4, initiator=2296119297, localtag=0x48d0063, remotetag=0x1ff43733) at dialog_publish.c:255
255 memcpy(buf, entity->display.s+1, entity->display.len-2);
(gdb) bt
#0 0x001b43b8 in build_dialoginfo (state=0x100a0 <Address 0x100a0 out of bounds>, entity=0x0, peer=0x24880000, callid=0xeb7811d4, initiator=2296119297, localtag=0x48d0063, remotetag=0x1ff43733) at dialog_publish.c:255
#1 0x77b40063 in ?? ()
#2 0x000100a0 in ?? ()
#3 0x00000000 in ?? ()
(gdb) list
250 entity->display.s, MAX_URI_SIZE);
251 return NULL;
252 }
253 if(entity->display.s[0] == '"')
254 {
255 memcpy(buf, entity->display.s+1, entity->display.len-2);
256 buf[entity->display.len-2] = '\0';
257 }
258 else
259 {
----------------------------------------------------------------------
>Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2010-07-22 20:35
Message:
Thanks Stan!
Regards,
Bogdan
----------------------------------------------------------------------
Comment By: Stanislaw Pitucha (viraptor)
Date: 2010-07-22 20:03
Message:
Attached a fix.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3033111&group_id=232389
More information about the Devel
mailing list