<p>Just a quick update here: I've been debugging most of the day and believe I've found something.</p>
<pre><code>--- a/modules/presence/notify.c
+++ b/modules/presence/notify.c
@@ -1226,9 +1226,9 @@ str* get_p_notify_body(str pres_uri, pres_ev_t* event, str* etag, str* publ_body
if(row_vals[extra_hdrs_col].val.string_val!= NULL)
{
- if (extra_hdrs && !extra_hdrs->s)
+ len = strlen(row_vals[extra_hdrs_col].val.string_val);
+ if (len > 0 && extra_hdrs && !extra_hdrs->s)
{
- len = strlen(row_vals[extra_hdrs_col].val.string_val);
</code></pre>
<p>This occurs 3 times (on release 1.10.0, as well as master) in the <code>get_p_notify_body</code> function. I've been working under the assumption that mallocs of size 0 eventually lead to weirdness, and this code was another example where a <code>pkg_malloc</code> of size 0 could occur.</p>
<p>Should a malloc of size 0 be safe? This is not the first set of crashes I've <em>hopefully</em> fixed by preventing a malloc of size 0 (the last time around seems to have gone well, we'll see about this one), although the other fix was in a custom module.</p>