<p>FWIW there are two locations in mem/f_malloc.c that might have problems with <code>n->prev</code> being NULL before calling <code>fm_remove_free</code>:</p>
<ul>
<li>The first one is <a href="https://github.com/OpenSIPS/opensips/blob/2.1/mem/f_malloc.c#L353">line 353</a> if <code>n</code> === <code>frag</code>.</li>
<li>The other one is the one where this issue goes through, <a href="https://github.com/OpenSIPS/opensips/blob/2.1/mem/f_malloc.c#L385">line 385</a>. The loop at <a href="https://github.com/OpenSIPS/opensips/blob/2.1/mem/f_malloc.c#L332">lines 332-337</a> never checks <code>frag->prev</code>.</li>
</ul>
<p>Also there are only three places were <code>->prev</code> is set to NULL:</p>
<ul>
<li>in <a href="https://github.com/OpenSIPS/opensips/blob/2.1/mem/f_malloc.c#L178"><code>fm_remove_free</code></a>
</li>
<li>in <a href="https://github.com/OpenSIPS/opensips/blob/2.1/mem/f_malloc.c#L288"><code>fm_malloc_init</code></a> for <code>qm->last_frag</code> and <code>qm->first_frag</code>.</li>
</ul>
<p>Not sure I can help much more. :]</p>
<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br>Reply to this email directly or <a href="https://github.com/OpenSIPS/opensips/issues/721#issuecomment-163221854">view it on GitHub</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AFOciflzhJb_mCcGmdO8hQ_6CcSQLTTlks5pOB0KgaJpZM4Gx0aq.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
<link itemprop="url" href="https://github.com/OpenSIPS/opensips/issues/721#issuecomment-163221854"></link>
<meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>