[OpenSIPS-Devel] [ opensips-Bugs-3000072 ] segfault in pua_dialoginfo module

SourceForge.net noreply at sourceforge.net
Sat May 29 20:40:44 CEST 2010


Bugs item #3000072, was opened at 2010-05-11 18:46
Message generated for change (Comment added) made by vabdulla
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3000072&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: 1.6.x
Status: Open
Resolution: None
Priority: 8
Private: No
Submitted By: vabdulla (vabdulla)
Assigned to: Anca Vamanu (anca_vamanu)
Summary: segfault in pua_dialoginfo module

Initial Comment:
Hello,
I regularly have segfaults in opensips 1.6 from svn (2:6840M) with presence enabled. The problem seems to happen when parsing a to header with parameters. Here is the backtrace:

#0  0x080d4fd5 in parse_to (buffer=0x819c9a0 "sip:2032 at sipb01.proxy.com;user=phone\r\n", end=0x819c9c7 "", to_b=0xbfe176b8) at parser/parse_to.c:189
189     parser/parse_to.c: No such file or directory.
        in parser/parse_to.c
(gdb) bt
#0  0x080d4fd5 in parse_to (buffer=0x819c9a0 "sip:2032 at sipb01.proxy.com;user=phone\r\n", end=0x819c9c7 "", to_b=0xbfe176b8) at parser/parse_to.c:189
#1  0xb7995969 in __dialog_sendpublish (dlg=0xafa87fa8, type=32, _params=0xb7b52bc0) at pua_dialoginfo.c:303
#2  0xb7b37876 in run_dlg_callbacks (type=32, dlg=0xafa87fa8, msg=0x81990f4, dir=1, dlg_data=0x0) at dlg_cb.c:253
#3  0xb7b3d476 in dlg_onroute (req=0x81990f4, route_params=0xbfe17b80, param=0x0) at dlg_handlers.c:890
#4  0xb798e7e9 in run_rr_callbacks (req=0x81990f4, rr_params=0xb79913e4) at rr_cb.c:89
#5  0xb7988f52 in after_strict (_m=0x81990f4) at loose.c:734
#6  0xb798be25 in loose_route (_m=0x81990f4, _s1=0x0, _s2=0x0) at loose.c:919
#7  0x08055399 in do_action (a=0x8177710, msg=0x81990f4) at action.c:967
#8  0x08053ecf in run_action_list (a=0x8177710, msg=0x81990f4) at action.c:139
#9  0x080960ba in eval_expr (e=0x817777c, msg=0x81990f4, val=0x0) at route.c:1240
#10 0x08095ca9 in eval_expr (e=0x81777a8, msg=0x81990f4, val=0x0) at route.c:1561
#11 0x08055045 in do_action (a=0x8178618, msg=0x81990f4) at action.c:689
#12 0x08053ecf in run_action_list (a=0x81754ac, msg=0x81990f4) at action.c:139
#13 0x08057db9 in run_top_route (a=0x81754ac, msg=0x81990f4) at action.c:119
#14 0x0808af3c in receive_msg (
    buf=0x8146500 "BYE sip:sipb01.proxy.com:5060;nat=yes;ftag=000c30708abe2cf008c97c56-050ad08e;lr=on;did=98.724cd671 SIP/2.0\r\nVia: SIP/2.0/UDP 192.168.0.191:5060\r\nFrom: \"33581319702\" <sip:33581319702 at sipb01.proxy.com"..., len=492, rcv_info=0xbfe18574) at receive.c:162
#15 0x080bd952 in udp_rcv_loop () at udp_server.c:492
#16 0x080693c9 in main (argc=9, argv=0xbfe186f4) at main.c:818

The segfault is generated by the following code in parser/parse_to.c (line 189) : add_param( param , to_b );
Looks like there is no memory allocated to receive the parameter. 

----------------------------------------------------------------------

>Comment By: vabdulla (vabdulla)
Date: 2010-05-29 20:40

Message:
Hi Anca,

I have attached a simplified version (without style correction) of the
patch. Basically, I have added a memset() call before each parse_to() in
pua_dialoginfo.c and a null check for 'entity' and 'callid' variables in
dialog_publish.c

Hope this would help !

Regards,
- vma
.
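
The fix described in the comment above, as an added example that is not part of the original thread or the OpenSIPS source: a simplified model of appending a header parameter to a caller-supplied body struct, showing what a missing memset() changes. The struct layout, append_param() and parse_one_param() are hypothetical stand-ins, and the leftover pointers are constructed so the run is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins (assumptions), not the OpenSIPS definitions. */
struct param { const char *text; struct param *next; };
struct to_body_model { struct param *param_lst, *last_param; };

/* Tail append that trusts the caller to have zeroed the body first. */
static void append_param(struct to_body_model *b, struct param *p)
{
    if (!b->param_lst)
        b->param_lst = p;
    else
        b->last_param->next = p;   /* follows whatever last_param holds */
    b->last_param = p;
}

/* Object left over from an earlier, unrelated parse (constructed). */
static struct param stale = { "stale", NULL };

/* Returns 1 when the parsed parameter is the head of this body's list
 * and the stale object was not written to; 0 otherwise. */
static int parse_one_param(int zero_first)
{
    struct param user = { "user=phone", NULL };
    struct to_body_model body;
    int ok;

    /* Constructed stand-in for stack residue: real residue is arbitrary,
     * and an unmapped address there is what ends in a segfault. */
    body.param_lst = &stale;
    body.last_param = &stale;

    if (zero_first)
        memset(&body, 0, sizeof(body));   /* the fix described in the comment */

    append_param(&body, &user);
    ok = (body.param_lst == &user) && (stale.next == NULL);
    stale.next = NULL;                    /* do not leave a dangling pointer */
    return ok;
}

int main(void)
{
    printf("without memset: %s\n", parse_one_param(0) ? "clean" : "wrote through stale pointer");
    printf("with memset:    %s\n", parse_one_param(1) ? "clean" : "wrote through stale pointer");
    return 0;
}
```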


----------------------------------------------------------------------

Comment By: Anca Vamanu (anca_vamanu)
Date: 2010-05-28 18:32

Message:
Hi,

Can you please point out to me at which lines in the patch the
corrections are? It is a very long patch with many style corrections and it
is hard to dig into.

Regards,
Anca 


----------------------------------------------------------------------

Comment By: vabdulla (vabdulla)
Date: 2010-05-28 18:15

Message:
Hello,

I have attached a patch that seems to have solved my 2 most frequent
opensips crash causes when using presence. (The patch also contains some
code style corrections.)

Regards,
- vma
.

----------------------------------------------------------------------
