[OpenSIPS-Users] Bug in STUN module? And something about version 1.6.1
Alexander
goal81 at gmail.com
Thu Dec 24 12:24:22 CET 2009
I've encountered a problem - sometimes OpenSIPS 1.6.0 crashes. GDB says
that crash was in stun.c, line 836. Going to this line, we see:
case UNKNOWN_ATTRIBUTES:
/* iterator */
b2 = (T16 *) msg->unknownAttributes->buffer;
/* allocate unknownAttributes buffer */
msg->unknownAttributes = (Buffer*)
pkg_malloc(sizeof(Buffer));
if(!msg->unknownAttributes){
LM_DBG("out of mem\n");
return -1;
}
memset(msg->unknownAttributes, 0, sizeof(Buffer));
Is it OK, that we create iterator, and then allocate buffer?
uknownAttributes is not allocated when iterator is created. I've changed it
to:
case UNKNOWN_ATTRIBUTES:
/* allocate unknownAttributes buffer */
msg->unknownAttributes = (Buffer*)
pkg_malloc(sizeof(Buffer));
if(!msg->unknownAttributes){
LM_DBG("out of mem\n");
return -1;
}
memset(msg->unknownAttributes, 0, sizeof(Buffer));
/* iterator */
b2 = (T16 *) msg->unknownAttributes->buffer;
Now it seems to work properly.
By the way, version 1.6.1 contains the same bug in STUN module.
Unfortunately,
1.6.1 is unusable for me - crashes too often :( I wrote one report about
crash on NOTIFY (with backtrace), and today I've encountered another crash:
Program terminated with signal 11, Segmentation fault.
[New process 19330]
#0 0x080ec3d9 in fm_malloc (qm=0x81b3c00, size=<value optimized out>) at
mem/f_malloc.c:172
172 *pf=n->u.nxt_free;
(gdb) where
#0 0x080ec3d9 in fm_malloc (qm=0x81b3c00, size=<value optimized out>) at
mem/f_malloc.c:172
#1 0x00603d04 in build_rr (_l=0x81e07d8, _l2=0x81e1d1c, user=0xbff381d0,
tag=0x81d1fc0, params=0x0, _inbound=1) at record.c:163
#2 0x0060471f in record_route (_m=0x81d1bec, params=0x0) at record.c:320
#3 0x00606031 in w_record_route (msg=0x81d1bec, key=0x0, bar=0x0) at
rr_mod.c:272
#4 0x080545dd in do_action (a=0x81bdb2c, msg=0x81d1bec) at action.c:967
#5 0x08057308 in run_action_list (a=0x81bdb2c, msg=0x81d1bec) at
action.c:139
#6 0x080554dd in do_action (a=0x81bdb98, msg=0x81d1bec) at action.c:706
#7 0x08057308 in run_action_list (a=0x81bd578, msg=0x81d1bec) at
action.c:139
#8 0x080576a3 in run_top_route (a=0x81bd578, msg=0x81d1bec) at action.c:119
#9 0x0809ddf2 in receive_msg (
buf=0x8192380 "OPTIONS sip:sip.comtube.ru SIP/2.0\r\nVia: SIP/2.0/UDP
85.21.245.172:5060;branch=z9hG4bK57769584;rport\r\nMax-Forwards: 69\r\nFrom:
\"asterisk\" <sip:asterisk at 85.21.245.172
<sip%3Aasterisk at 85.21.245.172>>;tag=as58d6d6b9\r\nTo:
<sip:sip.comtu"..., len=511, rcv_info=0xbff388d4) at receive.c:162
#10 0x080e5056 in udp_rcv_loop () at udp_server.c:492
#11 0x08070adf in main (argc=5, argv=0xbff38ae4) at main.c:821
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20091224/1ac2e0fe/attachment.htm
More information about the Users
mailing list