[OpenSIPS-Devel] [ opensips-Bugs-3411442 ] Segmentation fault in push_reply_in_dialog
SourceForge.net
noreply at sourceforge.net
Tue Sep 20 18:53:52 CEST 2011
Bugs item #3411442, was opened at 2011-09-19 14:56
Message generated for change (Comment added) made by vladut-paiu
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3411442&group_id=232389
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: core
Group: 1.7.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Sergey Lavrov (sybasesql)
Assigned to: Nobody/Anonymous (nobody)
Summary: Segmentation fault in push_reply_in_dialog
Initial Comment:
opensips-1.7.0 rev 8357
OS: centos 5.6 x86_64
I am getting a segmentation fault in push_reply_in_dialog:
#0 0x00002ac79c880dd2 in push_reply_in_dialog (rpl=0x8229b0, t=0x2ac7a2e42b70, dlg=0x2ac7a2e42200, mangled_from=0x7fff31d9c940, mangled_to=0x7fff31d9c930) at dlg_handlers.c:350
350 if ( dlg->legs[leg].tag.len==tag.len &&
---
(gdb) bt
#0 0x00002ac79c880dd2 in push_reply_in_dialog (rpl=0x8229b0, t=0x2ac7a2e42b70, dlg=0x2ac7a2e42200, mangled_from=0x7fff31d9c940, mangled_to=0x7fff31d9c930) at dlg_handlers.c:350
#1 0x00002ac79c8822be in dlg_onreply (t=0x2ac7a2e42b70, type=<value optimized out>, param=<value optimized out>) at dlg_handlers.c:434
#2 0x00002ac79c42f54b in run_trans_callbacks (type=8, trans=0x2ac7a2e42b70, req=0x2ac7a3035fd8, rpl=0x8229b0, code=180) at t_hooks.c:212
#3 0x00002ac79c43c480 in relay_reply (t=0x2ac7a2e42b70, p_msg=0x8229b0, branch=1200, msg_status=180, cancel_bitmap=0x7fff31d9cc28) at t_reply.c:1166
#4 0x00002ac79c43caac in reply_received (p_msg=0x8229b0) at t_reply.c:1512
#5 0x00000000004222fd in forward_reply (msg=0x8229b0) at forward.c:568
#6 0x000000000044fb81 in receive_msg (
buf=0x753020 "SIP/2.0 180 Ringing\r\nVia: SIP/2.0/UDP x.x.x.x;branch=z9hG4bK258b.677fa944.0;i=481\r\nVia: SIP/2.0/TCP y.y.y.y:5060;received=y.y.y.y;branch=z9hG4bK-d8754z-d0ea2355dab67205-1---d8754z-;rpor"...,
len=878, rcv_info=0x7fff31d9cd70) at receive.c:203
#7 0x000000000048f698 in udp_rcv_loop () at udp_server.c:419
#8 0x000000000042a57c in main_loop (argc=<value optimized out>, argv=<value optimized out>) at main.c:885
#9 main (argc=<value optimized out>, argv=<value optimized out>) at main.c:1503
---
(gdb) bt full
#0 0x00002ac79c880dd2 in push_reply_in_dialog (rpl=0x8229b0, t=0x2ac7a2e42b70, dlg=0x2ac7a2e42200, mangled_from=0x7fff31d9c940, mangled_to=0x7fff31d9c930) at dlg_handlers.c:350
tag = {
s = 0x75322a "1174779552\r\nCall-ID: ZTMwNzdhN2M2YjA4ODM4MmRiYTJkOGQ1MDVmNzlhOTA.\r\nCSeq: 1 INVITE\r\nContact: <sip:manager2 at 89.31.18.41:1026>\r\nAllow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SU"..., len = 10}
contact = {s = 0x2ac7a3171158 "\330w", len = -1668799477}
rr_set = {s = 0x2 <Address 0x2 out of bounds>, len = -1558833544}
leg = 1
skip_rrs = <value optimized out>
__FUNCTION__ = "push_reply_in_dialog"
#1 0x00002ac79c8822be in dlg_onreply (t=0x2ac7a2e42b70, type=<value optimized out>, param=<value optimized out>) at dlg_handlers.c:434
rpl = 0x8229b0
req = 0x2ac7a3035fd8
dlg = 0x2ac7a2e42200
new_state = <value optimized out>
old_state = <value optimized out>
unref = <value optimized out>
event = <value optimized out>
mangled_from = {s = 0x0, len = 0}
mangled_to = {s = 0x0, len = 0}
req_out_buff = 0xb4
__FUNCTION__ = "dlg_onreply"
#2 0x00002ac79c42f54b in run_trans_callbacks (type=8, trans=0x2ac7a2e42b70, req=0x2ac7a3035fd8, rpl=0x8229b0, code=180) at t_hooks.c:212
params = {req = 0x2ac7a3035fd8, rpl = 0x8229b0, code = 180, param = 0x2ac7a2bc9930, extra1 = 0x0, extra2 = 0x0}
cbp = 0x2ac7a2bc9920
backup = 0x763030
trans_backup = 0x2ac7a2e42b70
__FUNCTION__ = "run_trans_callbacks"
#3 0x00002ac79c43c480 in relay_reply (t=0x2ac7a2e42b70, p_msg=0x8229b0, branch=1200, msg_status=180, cancel_bitmap=0x7fff31d9cc28) at t_reply.c:1166
relay = 1200
save_clone = 0
buf = <value optimized out>
res_len = 0
relayed_code = 180
relayed_msg = <value optimized out>
bm = {to_tag_val = {s = 0x1 <Address 0x1 out of bounds>, len = 8530352}}
totag_retr = <value optimized out>
reply_status = RPS_PROVISIONAL
uas_rb = 0x2ac7a2e42c70
cb_s = {s = 0x8229b0 "\002\002\061", len = 8108712}
text = {s = 0x8277a8 "\001", len = 878}
__FUNCTION__ = "relay_reply"
#4 0x00002ac79c43caac in reply_received (p_msg=0x8229b0) at t_reply.c:1512
msg_status = 180
last_uac_status = <value optimized out>
branch = 8587360
reply_status = <value optimized out>
timer = <value optimized out>
cancel_bitmap = 0
uac = 0x2ac7a2e42d48
t = 0x2ac7a2e42b70
backup_list = 0x0
__FUNCTION__ = "reply_received"
#5 0x00000000004222fd in forward_reply (msg=0x8229b0) at forward.c:568
new_buf = <value optimized out>
---Type <return> to continue, or q <return> to quit---
to = <value optimized out>
new_len = <value optimized out>
mod = 0x78b6a0
proto = <value optimized out>
id = <value optimized out>
send_sock = <value optimized out>
len = <value optimized out>
__FUNCTION__ = "forward_reply"
#6 0x000000000044fb81 in receive_msg (
buf=0x753020 "SIP/2.0 180 Ringing\r\nVia: SIP/2.0/UDP x.x.x.x;branch=z9hG4bK258b.677fa944.0;i=481\r\nVia: SIP/2.0/TCP y.y.y.y:5066;received=y.y.y.y;branch=z9hG4bK-d8754z-d0ea2355dab67205-1---d8754z-;rpor"...,
len=878, rcv_info=0x7fff31d9cd70) at receive.c:203
msg = 0x8229b0
start = {tv_sec = 808857653, tv_usec = 7859216}
__FUNCTION__ = "receive_msg"
#7 0x000000000048f698 in udp_rcv_loop () at udp_server.c:419
len = 878
tmp = 0x773c80 "89.31.18.41"
from = <value optimized out>
fromlen = 16
ri = {src_ip = {af = 2, len = 4, u = {addrl = {689053529, 11}, addr32 = {689053529, 0, 11, 0}, addr16 = {8025, 10514, 0, 0, 11, 0, 0, 0}, addr = "Y\037\022)\000\000\000\000\v\000\000\000\000\000\000"}}, dst_ip = {af = 2,
len = 4, u = {addrl = {3947911249, 0}, addr32 = {3947911249, 0, 0, 0}, addr16 = {22609, 60240, 0, 0, 0, 0, 0, 0}, addr = "QXP\353", '\000' <repeats 11 times>}}, src_port = 1026, dst_port = 5060, proto = 1,
proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {sa_family = 2, sa_data = "\004\002Y\037\022)\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 516, sin_addr = {s_addr = 689053529},
sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 516, sin6_flowinfo = 689053529, sin6_addr = {in6_u = {u6_addr8 = '\000' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, bind_address = 0x77ec10}
p = 0x77e1b0
buf = "SIP/2.0 180 Ringing\r\nVia: SIP/2.0/UDP x.x.x.x;branch=z9hG4bK258b.677fa944.0;i=481\r\nVia: SIP/2.0/TCP y.y.y.y:5066;received=y.y.y.y;branch=z9hG4bK-d8754z-d0ea2355dab67205-1---d8754z-;rpor"...
__FUNCTION__ = "udp_rcv_loop"
#8 0x000000000042a57c in main_loop (argc=<value optimized out>, argv=<value optimized out>) at main.c:885
i = 0
pid = <value optimized out>
si = <value optimized out>
startup_done = 0x0
load_p = <value optimized out>
chd_rank = 4
__FUNCTION__ = "main_loop"
#9 main (argc=<value optimized out>, argv=<value optimized out>) at main.c:1503
cfg_log_stderr = <value optimized out>
cfg_stream = 0x75e65e0
c = <value optimized out>
r = <value optimized out>
tmp = 0x4e3eb7 "H\215\005Ba$"
tmp_len = <value optimized out>
port = 0
proto = <value optimized out>
ret = <value optimized out>
seed = 4171048114
rfd = <value optimized out>
__FUNCTION__ = "main"
----------------------------------------------------------------------
Comment By: Vladut-Stefan Paiu (vladut-paiu)
Date: 2011-09-20 19:53
Message:
Hello,
In frame 0, can you please run
p *dlg
p leg
p dlg->legs_no[0]
p dlg->legs_no[1]
and paste the output here?
Regards,
Vlad
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3411442&group_id=232389