[OpenSIPS-Devel] [opensips] Opensips crash on CANCEL on unanswered call. (2.1-rc2) (#484)

AVFedorov notifications at github.com
Thu Apr 30 00:41:59 CEST 2015


In sip_msg_cloner(), if updatable=0, reply_lump is placed inside the same chunk as new_msg;
if updatable>0, reply_lump is allocated.
But later, in free_faked_req(), the code does not distinguish how reply_lump has been set up.
We hit a call to shm_free(faked_req->reply_lump) with faked_req->reply_lump pointing inside the whole faked_req.

---
Reply to this email directly or view it on GitHub:
https://github.com/OpenSIPS/opensips/issues/484#issuecomment-97607715
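
The ownership mismatch described in the message above, as an added C example that is not part of the original message and is not OpenSIPS code. struct msg, struct lump, clone_msg(), in_chunk() and free_msg() are hypothetical stand-ins, calloc/free stand in for the shared-memory allocator, and the range check is an assumed way to tell the two setups apart at free time.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not the OpenSIPS structures. */
struct lump { char text[32]; };
struct msg {
    size_t chunk_len;        /* size of the chunk holding this msg */
    struct lump *reply_lump; /* inside the chunk, or its own allocation */
};

int separate_frees; /* counts frees of a separately allocated lump */

/* The two setups described for sip_msg_cloner(). */
struct msg *clone_msg(const char *text, int updatable) {
    size_t len = sizeof(struct msg) + (updatable ? 0 : sizeof(struct lump));
    struct msg *m = calloc(1, len);
    if (!m) return NULL;
    m->chunk_len = len;
    if (updatable)
        m->reply_lump = calloc(1, sizeof(struct lump)); /* own allocation */
    else
        m->reply_lump = (struct lump *)(m + 1);         /* same chunk */
    if (!m->reply_lump) { free(m); return NULL; }
    strncpy(m->reply_lump->text, text, sizeof(m->reply_lump->text) - 1);
    return m;
}

/* True when p points into the chunk that starts at m. */
int in_chunk(const struct msg *m, const void *p) {
    uintptr_t lo = (uintptr_t)m, a = (uintptr_t)p;
    return a >= lo && a < lo + m->chunk_len;
}

/* Free the lump only when it is not part of the chunk being freed. */
void free_msg(struct msg *m) {
    if (!m) return;
    if (m->reply_lump && !in_chunk(m, m->reply_lump)) {
        free(m->reply_lump);
        separate_frees++;
    }
    free(m);
}

int main(void) {
    free_msg(clone_msg("constructed lump", 0)); /* freed with the chunk */
    free_msg(clone_msg("constructed lump", 1)); /* freed on its own */
    return separate_frees == 1 ? 0 : 1;
}
```

Without the in_chunk() test, the updatable=0 case would pass an interior pointer to the allocator's free routine, which is the crash condition the message reports.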