[OpenSIPS-Devel] [opensips] SIGSEGV in pkg_malloc/fm_malloc (#721)

James Criscuolo notifications at github.com
Tue Mar 8 23:11:44 CET 2016


Just a quick update here, I've been debugging most of the day and believe I've found something. 

```
--- a/modules/presence/notify.c
+++ b/modules/presence/notify.c
@@ -1226,9 +1226,9 @@ str* get_p_notify_body(str pres_uri, pres_ev_t* event, str* etag, str* publ_body
                                if(row_vals[extra_hdrs_col].val.string_val!= NULL)
                                {
-                                       if (extra_hdrs && !extra_hdrs->s)
+                                       len = strlen(row_vals[extra_hdrs_col].val.string_val);
+                                       if (len > 0 && extra_hdrs && !extra_hdrs->s)
                                        {
-                                               len = strlen(row_vals[extra_hdrs_col].val.string_val);
```
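Review bot: the new `len > 0` guard in the `if` correctly avoids the zero-size `pkg_malloc` when the `extra_hdrs` column holds an empty string, but the hunk ends before the allocation and the later use of `len`, so confirm that code after this block does not dereference `extra_hdrs->s` on the assumption that it was set; since the same pattern is reported to occur three times, a short comment at the `if` saying why empty values are skipped would keep the guard from being removed later as redundant.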

This occurs 3 times (on release 1.10.0, as well as master) in the `get_p_notify_body` function. I've been working under the assumption that mallocs of size 0 eventually lead to weirdness, and this code was another example where a `pkg_malloc` of size 0 could occur.

Should a malloc of size 0 be safe? This is not the first set of crashes I've *hopefully* fixed by preventing a malloc of size 0 (the last time around seems to have gone well, we'll see about this one), although the other fix was in a custom module.
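
The guarded copy pattern the patch above introduces, written out as an added stand-alone example (not code from OpenSIPS or from the poster): a zero-size allocation is implementation-defined in C, since `malloc(0)` may return NULL or a unique pointer that must never be dereferenced, so the defensive habit is to compute the length first and skip the allocation entirely when it is zero. The `str` struct is a minimal stand-in for the OpenSIPS type, `alloc_nonzero` is a hypothetical wrapper standing in for `pkg_malloc`, and `copy_extra_hdrs` is an assumed helper that mirrors the column-to-`str` copy in `notify.c`.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Minimal stand-in for the OpenSIPS str type (assumption: the real one is in str.h). */
typedef struct {
    char *s;
    int len;
} str;

/* Hypothetical wrapper standing in for pkg_malloc: refuse zero-size requests
 * outright, so callers can never receive a pointer they are not allowed to use. */
static void *alloc_nonzero(size_t size)
{
    if (size == 0)
        return NULL;
    return malloc(size);
}

/* Copy a DB column value into *out, mirroring the guarded pattern from the patch:
 * allocate only when the value is non-NULL, non-empty, and out->s is still unset.
 * Returns 0 on success (out is untouched when there is nothing to copy) and -1
 * when the allocation fails. */
int copy_extra_hdrs(const char *db_val, str *out)
{
    size_t len;

    if (db_val == NULL || out == NULL || out->s != NULL)
        return 0;

    len = strlen(db_val);
    if (len == 0)               /* the guard the patch adds: never allocate 0 bytes */
        return 0;

    out->s = alloc_nonzero(len);
    if (out->s == NULL)
        return -1;

    memcpy(out->s, db_val, len);
    out->len = (int)len;
    return 0;
}

/* Release a str filled by copy_extra_hdrs and reset it to the unset state. */
void free_extra_hdrs(str *hdrs)
{
    if (hdrs == NULL)
        return;
    free(hdrs->s);
    hdrs->s = NULL;
    hdrs->len = 0;
}

int main(void)
{
    /* Constructed sample column values: one real header block, one empty string. */
    str hdrs = { NULL, 0 };
    str empty = { NULL, 0 };

    if (copy_extra_hdrs("P-Foo: bar\r\n", &hdrs) == 0)
        printf("copied %d bytes\n", hdrs.len);     /* prints "copied 12 bytes" */
    if (copy_extra_hdrs("", &empty) == 0 && empty.s == NULL)
        printf("empty value: no allocation made\n");

    free_extra_hdrs(&hdrs);
    return 0;
}
```

The check worth carrying into the real code is the one on `out->s == NULL` after an empty value: callers must treat an unset `str` as "no extra headers" rather than assume the copy always produced a buffer.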

---
Reply to this email directly or view it on GitHub:
https://github.com/OpenSIPS/opensips/issues/721#issuecomment-193989081