[OpenSIPS-Devel] OpenSIPS Crash

Bogdan-Andrei Iancu bogdan at opensips.org
Thu Jun 6 11:44:10 EDT 2019


Dan,

Yes, good observation that the c pointer is invalid - but it is not because 
of an overflow, but it rather seems that the msg->contact->parsed (where 
the "c" is read from) was populated with a pkg pointer in a different 
process.

Regards

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
OpenSIPS Summit 2019
   https://www.opensips.org/events/Summit-2019Amsterdam/

On 06/06/2019 05:01 PM, Dan Pascu wrote:
> Looks like buffer overflow. That c variable in the first frame should be a memory address, but instead it contains "lo EYB", which I guess is "BYE ol" on little endian machines. Looks like some parsed part of the message spilled over and overwrote memory pointers.
>
> On 5 Jun 2019, at 22:02, Ben Newlin wrote:
>
>> We have had another crash today.
>>   
>> Backtrace is here: https://pastebin.com/q4RQC7kS
>>   
>> I found this in the log at the time of the crash:
>>   
>> Jun  5 17:54:10 [4978] CRITICAL:core:sig_usr: segfault in process pid: 4978, id: 8
>>   
>>   
>> Please let me know if any further information can be useful.
>>   
>> Ben Newlin
>>   
>> From: Devel <devel-bounces at lists.opensips.org> on behalf of Ben Newlin <Ben.Newlin at genesys.com>
>> Reply-To: OpenSIPS devel mailling list <devel at lists.opensips.org>
>> Date: Friday, May 10, 2019 at 6:31 PM
>> To: OpenSIPS devel mailling list <devel at lists.opensips.org>
>> Subject: Re: [OpenSIPS-Devel] OpenSIPS Crash
>>   
>> I found this in the log at the time of the crash:
>>   
>> kernel: opensips[5003]: segfault at 30 ip 00007fbd4c8f59d0 sp 00007ffcaa850c80 error 6 in tm.so[7fbd4c887000+8e000]
>>   
>> Ben Newlin
>>   
>> From: Devel <devel-bounces at lists.opensips.org> on behalf of Ben Newlin <Ben.Newlin at genesys.com>
>> Reply-To: OpenSIPS devel mailling list <devel at lists.opensips.org>
>> Date: Friday, May 10, 2019 at 5:44 PM
>> To: OpenSIPS devel mailling list <devel at lists.opensips.org>
>> Subject: [OpenSIPS-Devel] OpenSIPS Crash
>>   
>> Hello,
>>   
>> We had a crash today of our OpenSIPS instance.
>>   
>> Backtrace is here: https://pastebin.com/QbRJimwx
>>   
>> # opensips -V
>> version: opensips 2.4.5 (x86_64/linux)
>> flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
>> poll method support: poll, epoll, sigio_rt, select.
>> git revision: d025b4f61
>> main.c compiled on 20:58:31 May  9 2019 with gcc 7
>>   
>> Ben Newlin
>> _______________________________________________
>> Devel mailing list
>> Devel at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
>
> --
> Dan
>
> _______________________________________________
> Devel mailing list
> Devel at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
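Added illustration (not OpenSIPS code and not part of the original thread) of the failure mode described in the reply above: a pointer into process-private memory, stored in a structure other processes can see, is numerically valid elsewhere but refers to whatever that other process has at the same address. `struct shared_hdr`, `pkg_pool` and `read_foreign_pkg_pointer` are hypothetical names, and the strings are constructed samples.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for a shared-memory (shm) structure visible to all
 * workers; "parsed" plays the role of a field like msg->contact->parsed. */
struct shared_hdr { char *parsed; };

/* Stand-in for process-private (pkg) memory: after fork() every process has
 * its own copy of this buffer at the same virtual address. */
static char pkg_pool[64];

/* Returns 1 if the parent, following a pointer the child stored in shared
 * memory, reads its own private bytes instead of the child's data, 0 if it
 * reads the child's data, -1 on error. The bytes read are copied to seen. */
int read_foreign_pkg_pointer(char *seen, size_t len)
{
    struct shared_hdr *hdr = mmap(NULL, sizeof(*hdr), PROT_READ | PROT_WRITE,
                                  MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (hdr == MAP_FAILED)
        return -1;
    hdr->parsed = NULL;
    /* Constructed sample: unrelated message text in the parent's pool. */
    strcpy(pkg_pool, "BYE sip:user@example.invalid SIP/2.0");
    pid_t pid = fork();
    if (pid == 0) {
        /* Child: "parse" into its private pool, publish the raw pointer. */
        strcpy(pkg_pool, "parsed contact body");
        hdr->parsed = pkg_pool;
        _exit(0);
    }
    int stale = -1;
    if (pid > 0 && waitpid(pid, NULL, 0) == pid && hdr->parsed != NULL) {
        /* Same address, other process: the parent sees its own old bytes. */
        snprintf(seen, len, "%s", hdr->parsed);
        stale = strcmp(seen, "parsed contact body") != 0;
    }
    munmap(hdr, sizeof(*hdr));
    return stale;
}

int main(void)
{
    char seen[64] = "";
    int rc = read_foreign_pkg_pointer(seen, sizeof(seen));
    printf("stale=%d, parent read \"%s\"\n", rc, seen);
    return rc == 1 ? 0 : 1;
}
```

Here the address happens to be mapped in the reader, so the read returns unrelated text; when it is not mapped, the same access faults.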



