[OpenSIPS-Devel] [opensips] SIGSEGV in pkg_malloc/fm_malloc (#721)

Stéphane Alnet notifications at github.com
Wed Dec 9 13:58:50 CET 2015


FWIW there are two locations in mem/f_malloc.c that might have problems with `n->prev` being NULL before calling `fm_remove_free`:
- The first one is [line 353](https://github.com/OpenSIPS/opensips/blob/2.1/mem/f_malloc.c#L353) if `n` === `frag`.
- The other one is the one where this issue goes through, [line 385](https://github.com/OpenSIPS/opensips/blob/2.1/mem/f_malloc.c#L385). The loop at [lines 332-337](https://github.com/OpenSIPS/opensips/blob/2.1/mem/f_malloc.c#L332) never checks `frag->prev`.

Also there are only three places where `->prev` is set to NULL:
- in [`fm_remove_free`](https://github.com/OpenSIPS/opensips/blob/2.1/mem/f_malloc.c#L178)
- in [`fm_malloc_init`](https://github.com/OpenSIPS/opensips/blob/2.1/mem/f_malloc.c#L288) for `qm->last_frag` and `qm->first_frag`.

Not sure I can help much more. :]

---
Reply to this email directly or view it on GitHub:
https://github.com/OpenSIPS/opensips/issues/721#issuecomment-163221854
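
The hazard raised in the message above (unlinking a fragment whose `prev` is NULL) can be shown with a simplified free-list model; this is an added example, not OpenSIPS code and not part of the original message. The names `pool`, `frag`, `pool_insert_free`, `pool_remove_free` and `pool_try_merge` are hypothetical, and the sketch assumes a NULL `prev` means the fragment is not on a free list.

```c
#include <stddef.h>

/* Simplified model, not OpenSIPS code: each free fragment stores the address
 * of the pointer that references it (prev) and the next free fragment. */
struct frag {
    size_t size;
    struct frag **prev;   /* NULL = not linked on the free list (assumption) */
    struct frag *next;
};

struct pool { struct frag *free_head; size_t free_count; };

/* Link f at the head of the free list. */
void pool_insert_free(struct pool *p, struct frag *f)
{
    f->next = p->free_head;
    f->prev = &p->free_head;
    if (f->next)
        f->next->prev = &f->next;
    p->free_head = f;
    p->free_count++;
}

/* Unlink f. Returns 0 on success, -1 if f is not linked. Without the prev
 * check, `*f->prev = ...` dereferences NULL and the process gets SIGSEGV. */
int pool_remove_free(struct pool *p, struct frag *f)
{
    if (f == NULL || f->prev == NULL)
        return -1;               /* caller must not treat f as a free fragment */
    *f->prev = f->next;
    if (f->next)
        f->next->prev = f->prev;
    f->prev = NULL;              /* mark unlinked so a second remove is caught */
    f->next = NULL;
    p->free_count--;
    return 0;
}

/* Hypothetical caller: absorb neighbour n into f only if n is really free. */
int pool_try_merge(struct pool *p, struct frag *f, struct frag *n)
{
    if (pool_remove_free(p, n) != 0)
        return 0;                /* n is allocated or already unlinked: skip */
    f->size += n->size;
    return 1;
}
```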