[OpenSIPS-Users] Bug in STUN module? And something about version 1.6.1
Alexander
goal81 at gmail.com
Thu Dec 24 21:19:27 CET 2009
Hello.
Regarding STUN - it seems that there is the same bug on line 870. Again,
iterator b2 is created before memory allocation.
I'll try memory debug, but I don't know when - our OpenSIPS works under load,
people make calls and so on :) I use version 1.6.0 for now, it seems to be quite
stable.
> Hi Alexander,
> Indeed, the stun issue looks like a silly bug - I fixed it on SVN -
> Thanks a lot for the report and fix.
> Regarding the other bugs you reported, could you please compile in the
> memory debug support (http://www.opensips.org/Resources/DocsTsMem) and set
> memlog=8
> memdump=2
> maybe the debugger will be able to get out more info.
> Regards,
> Bogdan
> Alexander wrote:
>> I've encountered a problem - sometimes OpenSIPS 1.6.0 crashes. GDB
>> says that crash was in stun.c, line 836. Going to this line, we see:
>>
>> case UNKNOWN_ATTRIBUTES:
>>     /* iterator */
>>     b2 = (T16 *) msg->unknownAttributes->buffer;
>>     /* allocate unknownAttributes buffer */
>>     msg->unknownAttributes = (Buffer*)
>>         pkg_malloc(sizeof(Buffer));
>>     if(!msg->unknownAttributes){
>>         LM_DBG("out of mem\n");
>>         return -1;
>>     }
>>     memset(msg->unknownAttributes, 0, sizeof(Buffer));
>>
>> Is it OK, that we create iterator, and then allocate buffer?
>> unknownAttributes is not allocated when iterator is created. I've
>> changed it to:
>>
>> case UNKNOWN_ATTRIBUTES:
>>     /* allocate unknownAttributes buffer */
>>     msg->unknownAttributes = (Buffer*)
>>         pkg_malloc(sizeof(Buffer));
>>     if(!msg->unknownAttributes){
>>         LM_DBG("out of mem\n");
>>         return -1;
>>     }
>>     memset(msg->unknownAttributes, 0, sizeof(Buffer));
>>
>>     /* iterator */
>>     b2 = (T16 *) msg->unknownAttributes->buffer;
>>
>> Now it seems to work properly.
>>
>> By the way, version 1.6.1 contains the same bug in STUN module.
>> Unfortunately, 1.6.1 is unusable for me - crashes too often :( I wrote
>> one report about crash on NOTIFY (with backtrace), and today I've
>> encountered another crash:
>>
>> Program terminated with signal 11, Segmentation fault.
>> [New process 19330]
>> #0 0x080ec3d9 in fm_malloc (qm=0x81b3c00, size=<value optimized out>)
>> at mem/f_malloc.c:172
>> 172 *pf=n->u.nxt_free;
>> (gdb) where
>> #0 0x080ec3d9 in fm_malloc (qm=0x81b3c00, size=<value optimized out>)
>> at mem/f_malloc.c:172
>> #1 0x00603d04 in build_rr (_l=0x81e07d8, _l2=0x81e1d1c,
>> user=0xbff381d0, tag=0x81d1fc0, params=0x0, _inbound=1) at record.c:163
>> #2 0x0060471f in record_route (_m=0x81d1bec, params=0x0) at record.c:320
>> #3 0x00606031 in w_record_route (msg=0x81d1bec, key=0x0, bar=0x0) at
>> rr_mod.c:272
>> #4 0x080545dd in do_action (a=0x81bdb2c, msg=0x81d1bec) at action.c:967
>> #5 0x08057308 in run_action_list (a=0x81bdb2c, msg=0x81d1bec) at
>> action.c:139
>> #6 0x080554dd in do_action (a=0x81bdb98, msg=0x81d1bec) at action.c:706
>> #7 0x08057308 in run_action_list (a=0x81bd578, msg=0x81d1bec) at
>> action.c:139
>> #8 0x080576a3 in run_top_route (a=0x81bd578, msg=0x81d1bec) at
>> action.c:119
>> #9 0x0809ddf2 in receive_msg (
>> buf=0x8192380 "OPTIONS sip:sip.comtube.ru <http://sip.comtube.ru>
>> SIP/2.0\r\nVia: SIP/2.0/UDP
>> 85.21.245.172:5060;branch=z9hG4bK57769584;rport\r\nMax-Forwards:
>> 69\r\nFrom: \"asterisk\" <sip:asterisk at 85.21.245.172
>> <mailto:sip%3Aasterisk at 85.21.245.172>>;tag=as58d6d6b9\r\nTo:
>> <sip:sip.comtu"..., len=511, rcv_info=0xbff388d4) at receive.c:162
>> #10 0x080e5056 in udp_rcv_loop () at udp_server.c:492
>> #11 0x08070adf in main (argc=5, argv=0xbff38ae4) at main.c:821
--
Best regards,
Alexander mailto:goal81 at gmail.com
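
The ordering issue discussed in this thread, as an added, self-contained example that is not code from the OpenSIPS STUN module: the container and its payload are allocated before the iterator is derived, and the attribute length is validated first. The `Buffer`, `T16` and `StunMsg` definitions, the function name, the use of `malloc` in place of `pkg_malloc`, and the payload allocation step are assumptions, since the thread's excerpt does not show them.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>  /* ntohs */

/* Stand-in types (assumptions): the module's real definitions of Buffer
 * and T16 are not shown in the thread. */
typedef uint16_t T16;
typedef struct { char *buffer; int size; } Buffer;
typedef struct { Buffer *unknownAttributes; } StunMsg;

/* Parse the value of an UNKNOWN-ATTRIBUTES attribute: a list of 16-bit
 * attribute types in network byte order. Returns the number of types
 * stored, or -1 on empty/odd-length input or out of memory. */
int parse_unknown_attributes(StunMsg *msg, const unsigned char *val, size_t len)
{
    T16 *b2;
    size_t i, n;

    if (len == 0 || len % sizeof(T16) != 0)
        return -1;                      /* reject before touching memory */
    n = len / sizeof(T16);

    /* 1. allocate the container first (malloc stands in for pkg_malloc) */
    msg->unknownAttributes = malloc(sizeof(Buffer));
    if (!msg->unknownAttributes)
        return -1;
    memset(msg->unknownAttributes, 0, sizeof(Buffer));

    /* 2. allocate the payload that the iterator will walk */
    msg->unknownAttributes->buffer = malloc(len);
    if (!msg->unknownAttributes->buffer) {
        free(msg->unknownAttributes);
        msg->unknownAttributes = NULL;  /* leave no dangling pointer */
        return -1;
    }
    msg->unknownAttributes->size = (int)len;

    /* 3. only now derive the iterator from the allocated buffer */
    b2 = (T16 *)msg->unknownAttributes->buffer;
    for (i = 0; i < n; i++) {
        T16 raw;
        memcpy(&raw, val + i * sizeof(T16), sizeof(raw)); /* alignment-safe */
        b2[i] = ntohs(raw);
    }
    return (int)n;
}
```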