[OpenSIPS-Devel] [ opensips-Bugs-3413995 ] PUBLISH handling causes segfault through update_presentity

Sun Oct 2 14:58:34 CEST 2011

Bugs item #3413995, was opened at 2011-09-26 14:47
Message generated for change (Comment added) made by anca_vamanu
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3413995&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: 1.7.x
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Walter Doekes (wdoekes)
Assigned to: Nobody/Anonymous (nobody)
Summary: PUBLISH handling causes segfault through update_presentity

Initial Comment:
Hi,

update_presentity() [modules/presence/presentity.c] calls
publ_notify(...&body...) [modules/presence/notify.c where body is allocated on the stack
get_p_notify_body(...publ_body...) [modules/presence/notify.c] attempts to free this

This results in a segfault obviously.

Ugly fix: check for publ_body while doing the Free loop.

Regards,
Walter Doekes
OSSO B.V.

P.S. This bug is not present in 1.6, but is present in trunk and 1.7.

----------------------------------------------------------------------

>Comment By: Anca Vamanu (anca_vamanu)
Date: 2011-10-02 15:58

Message:
Hi Walter,

Thank you for the fix for this. It is applied in both trunk and 1.7.

Regards,
Anca

----------------------------------------------------------------------

Comment By: Walter Doekes (wdoekes)
Date: 2011-09-28 09:37

Message:
I added a new patch, because after fixing the crash, a memory leak became
apparent. (publ_body overwrote an allocated var before freeing it)

The patch also cleans up a bit of the code in the neighbourhood:
- no redundant memsets
- some code formatting

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3413995&group_id=232389