[OpenSIPS-Devel] [ opensips-Bugs-3411442 ] Segmentation fault in push_reply_in_dialog
SourceForge.net
noreply at sourceforge.net
Tue Sep 20 21:14:08 CEST 2011
Bugs item #3411442, was opened at 2011-09-19 14:56
Message generated for change (Settings changed) made by bogdan_iancu
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3411442&group_id=232389
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: core
Group: 1.7.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Sergey Lavrov (sybasesql)
>Assigned to: Vladut-Stefan Paiu (vladut-paiu)
Summary: Segmentation fault in push_reply_in_dialog
Initial Comment:
opensips-1.7.0 rev 8357
OS: centos 5.6 x86_64
I am getting a segmentation fault:
#0 0x00002ac79c880dd2 in push_reply_in_dialog (rpl=0x8229b0, t=0x2ac7a2e42b70, dlg=0x2ac7a2e42200, mangled_from=0x7fff31d9c940, mangled_to=0x7fff31d9c930) at dlg_handlers.c:350
350 if ( dlg->legs[leg].tag.len==tag.len &&
---
(gdb) bt
#0 0x00002ac79c880dd2 in push_reply_in_dialog (rpl=0x8229b0, t=0x2ac7a2e42b70, dlg=0x2ac7a2e42200, mangled_from=0x7fff31d9c940, mangled_to=0x7fff31d9c930) at dlg_handlers.c:350
#1 0x00002ac79c8822be in dlg_onreply (t=0x2ac7a2e42b70, type=<value optimized out>, param=<value optimized out>) at dlg_handlers.c:434
#2 0x00002ac79c42f54b in run_trans_callbacks (type=8, trans=0x2ac7a2e42b70, req=0x2ac7a3035fd8, rpl=0x8229b0, code=180) at t_hooks.c:212
#3 0x00002ac79c43c480 in relay_reply (t=0x2ac7a2e42b70, p_msg=0x8229b0, branch=1200, msg_status=180, cancel_bitmap=0x7fff31d9cc28) at t_reply.c:1166
#4 0x00002ac79c43caac in reply_received (p_msg=0x8229b0) at t_reply.c:1512
#5 0x00000000004222fd in forward_reply (msg=0x8229b0) at forward.c:568
#6 0x000000000044fb81 in receive_msg (
buf=0x753020 "SIP/2.0 180 Ringing\r\nVia: SIP/2.0/UDP x.x.x.x;branch=z9hG4bK258b.677fa944.0;i=481\r\nVia: SIP/2.0/TCP y.y.y.y:5060;received=y.y.y.y;branch=z9hG4bK-d8754z-d0ea2355dab67205-1---d8754z-;rpor"...,
len=878, rcv_info=0x7fff31d9cd70) at receive.c:203
#7 0x000000000048f698 in udp_rcv_loop () at udp_server.c:419
#8 0x000000000042a57c in main_loop (argc=<value optimized out>, argv=<value optimized out>) at main.c:885
#9 main (argc=<value optimized out>, argv=<value optimized out>) at main.c:1503
---
(gdb) bt full
#0 0x00002ac79c880dd2 in push_reply_in_dialog (rpl=0x8229b0, t=0x2ac7a2e42b70, dlg=0x2ac7a2e42200, mangled_from=0x7fff31d9c940, mangled_to=0x7fff31d9c930) at dlg_handlers.c:350
tag = {
s = 0x75322a "1174779552\r\nCall-ID: ZTMwNzdhN2M2YjA4ODM4MmRiYTJkOGQ1MDVmNzlhOTA.\r\nCSeq: 1 INVITE\r\nContact: <sip:manager2 at 89.31.18.41:1026>\r\nAllow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SU"..., len = 10}
contact = {s = 0x2ac7a3171158 "\330w", len = -1668799477}
rr_set = {s = 0x2 <Address 0x2 out of bounds>, len = -1558833544}
leg = 1
skip_rrs = <value optimized out>
__FUNCTION__ = "push_reply_in_dialog"
#1 0x00002ac79c8822be in dlg_onreply (t=0x2ac7a2e42b70, type=<value optimized out>, param=<value optimized out>) at dlg_handlers.c:434
rpl = 0x8229b0
req = 0x2ac7a3035fd8
dlg = 0x2ac7a2e42200
new_state = <value optimized out>
old_state = <value optimized out>
unref = <value optimized out>
event = <value optimized out>
mangled_from = {s = 0x0, len = 0}
mangled_to = {s = 0x0, len = 0}
req_out_buff = 0xb4
__FUNCTION__ = "dlg_onreply"
#2 0x00002ac79c42f54b in run_trans_callbacks (type=8, trans=0x2ac7a2e42b70, req=0x2ac7a3035fd8, rpl=0x8229b0, code=180) at t_hooks.c:212
params = {req = 0x2ac7a3035fd8, rpl = 0x8229b0, code = 180, param = 0x2ac7a2bc9930, extra1 = 0x0, extra2 = 0x0}
cbp = 0x2ac7a2bc9920
backup = 0x763030
trans_backup = 0x2ac7a2e42b70
__FUNCTION__ = "run_trans_callbacks"
#3 0x00002ac79c43c480 in relay_reply (t=0x2ac7a2e42b70, p_msg=0x8229b0, branch=1200, msg_status=180, cancel_bitmap=0x7fff31d9cc28) at t_reply.c:1166
relay = 1200
save_clone = 0
buf = <value optimized out>
res_len = 0
relayed_code = 180
relayed_msg = <value optimized out>
bm = {to_tag_val = {s = 0x1 <Address 0x1 out of bounds>, len = 8530352}}
totag_retr = <value optimized out>
reply_status = RPS_PROVISIONAL
uas_rb = 0x2ac7a2e42c70
cb_s = {s = 0x8229b0 "\002\002\061", len = 8108712}
text = {s = 0x8277a8 "\001", len = 878}
__FUNCTION__ = "relay_reply"
#4 0x00002ac79c43caac in reply_received (p_msg=0x8229b0) at t_reply.c:1512
msg_status = 180
last_uac_status = <value optimized out>
branch = 8587360
reply_status = <value optimized out>
timer = <value optimized out>
cancel_bitmap = 0
uac = 0x2ac7a2e42d48
t = 0x2ac7a2e42b70
backup_list = 0x0
__FUNCTION__ = "reply_received"
#5 0x00000000004222fd in forward_reply (msg=0x8229b0) at forward.c:568
new_buf = <value optimized out>
---Type <return> to continue, or q <return> to quit---
to = <value optimized out>
new_len = <value optimized out>
mod = 0x78b6a0
proto = <value optimized out>
id = <value optimized out>
send_sock = <value optimized out>
len = <value optimized out>
__FUNCTION__ = "forward_reply"
#6 0x000000000044fb81 in receive_msg (
buf=0x753020 "SIP/2.0 180 Ringing\r\nVia: SIP/2.0/UDP x.x.x.x;branch=z9hG4bK258b.677fa944.0;i=481\r\nVia: SIP/2.0/TCP y.y.y.y:5066;received=y.y.y.y;branch=z9hG4bK-d8754z-d0ea2355dab67205-1---d8754z-;rpor"...,
len=878, rcv_info=0x7fff31d9cd70) at receive.c:203
msg = 0x8229b0
start = {tv_sec = 808857653, tv_usec = 7859216}
__FUNCTION__ = "receive_msg"
#7 0x000000000048f698 in udp_rcv_loop () at udp_server.c:419
len = 878
tmp = 0x773c80 "89.31.18.41"
from = <value optimized out>
fromlen = 16
ri = {src_ip = {af = 2, len = 4, u = {addrl = {689053529, 11}, addr32 = {689053529, 0, 11, 0}, addr16 = {8025, 10514, 0, 0, 11, 0, 0, 0}, addr = "Y\037\022)\000\000\000\000\v\000\000\000\000\000\000"}}, dst_ip = {af = 2,
len = 4, u = {addrl = {3947911249, 0}, addr32 = {3947911249, 0, 0, 0}, addr16 = {22609, 60240, 0, 0, 0, 0, 0, 0}, addr = "QXP\353", '\000' <repeats 11 times>}}, src_port = 1026, dst_port = 5060, proto = 1,
proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {sa_family = 2, sa_data = "\004\002Y\037\022)\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 516, sin_addr = {s_addr = 689053529},
sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 516, sin6_flowinfo = 689053529, sin6_addr = {in6_u = {u6_addr8 = '\000' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, bind_address = 0x77ec10}
p = 0x77e1b0
buf = "SIP/2.0 180 Ringing\r\nVia: SIP/2.0/UDP x.x.x.x;branch=z9hG4bK258b.677fa944.0;i=481\r\nVia: SIP/2.0/TCP y.y.y.y:5066;received=y.y.y.y;branch=z9hG4bK-d8754z-d0ea2355dab67205-1---d8754z-;rpor"...
__FUNCTION__ = "udp_rcv_loop"
#8 0x000000000042a57c in main_loop (argc=<value optimized out>, argv=<value optimized out>) at main.c:885
i = 0
pid = <value optimized out>
si = <value optimized out>
startup_done = 0x0
load_p = <value optimized out>
chd_rank = 4
__FUNCTION__ = "main_loop"
#9 main (argc=<value optimized out>, argv=<value optimized out>) at main.c:1503
cfg_log_stderr = <value optimized out>
cfg_stream = 0x75e65e0
c = <value optimized out>
r = <value optimized out>
tmp = 0x4e3eb7 "H\215\005Ba$"
tmp_len = <value optimized out>
port = 0
proto = <value optimized out>
ret = <value optimized out>
seed = 4171048114
rfd = <value optimized out>
__FUNCTION__ = "main"
----------------------------------------------------------------------
Comment By: Sergey Lavrov (sybasesql)
Date: 2011-09-20 20:45
Message:
(gdb) frame 0
#0 0x00002ac79c880dd2 in push_reply_in_dialog (rpl=0x8229b0,
t=0x2ac7a2e42b70, dlg=0x2ac7a2e42200, mangled_from=0x7fff31d9c940,
mangled_to=0x7fff31d9c930) at dlg_handlers.c:350
350 if ( dlg->legs[leg].tag.len==tag.len &&
(gdb) p *dlg
$1 = {ref = 2, next = 0x0, prev = 0x0, h_id = 1446169044, h_entry = 2075,
state = 2, lifetime = 43200, start_ts = 0, flags = 16, from_rr_nb = 0,
user_flags = 0, tl = {next = 0x0, prev = 0x0, timeout = 0}, pl = 0x0,
callid = {
s = 0x2ac7a2e422b8
"ZTMwNzdhN2M2YjA4ODM4MmRiYTJkOGQ1MDVmNzlhOTA.sip:xxxx at x.x.x.x:5066sip:yyy at yyyyyyyyyForwards:
70\r\nReason: SIP;cause=487;text=ORIGINATOR_CANCEL\r\nUser-Agent: SIP
Gateway\r\nCo"..., len = 44}, from_uri = {s = 0x2ac7a2e422e4
"sip:xxxx at x.x.x.x:5066sip:yyy at yyyyyyyyyForwards: 70\r\nReason:
SIP;cause=487;text=ORIGINATOR_CANCEL\r\nUser-Agent: SIP
Gateway\r\nContent-Length: 0\r\n\r\n",
len = 33}, to_uri = {s = 0x2ac7a2e42305 "sip:yyy at yyyyyyyyyForwards:
70\r\nReason: SIP;cause=487;text=ORIGINATOR_CANCEL\r\nUser-Agent: SIP
Gateway\r\nContent-Length: 0\r\n\r\n", len = 36}, legs = 0x0,
legs_no = "\002\004\000", cbs = {first = 0x2ac7a2b4e628, types = 2184},
profile_links = 0x0, vals = 0x0}
(gdb) p leg
$2 = 1
(gdb) p dlg->legs_no[0]
$3 = 2 '\002'
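(gdb) p dlg->legs_no[1]
$4 = 4 '\004'
[Note: in this dump legs = 0x0 while legs_no[0] = 2 and leg = 1, so the expression dlg->legs[leg] at dlg_handlers.c:350 reads through a NULL pointer. The backtrace shows this happening while a 180 Ringing reply received over UDP is being processed.]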
----------------------------------------------------------------------
Comment By: Vladut-Stefan Paiu (vladut-paiu)
Date: 2011-09-20 19:53
Message:
Hello,
In frame 0, could you please run:
p *dlg
p leg
p dlg->legs_no[0]
p dlg->legs_no[1]
and paste the output here?
Regards,
Vlad
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3411442&group_id=232389