[OpenSIPS-Users] segmentation fault when calling pkg_malloc

Dan Pascu dan at ag-projects.com
Sun Mar 15 04:52:03 CET 2009


On Thursday 12 March 2009, Bogdan-Andrei Iancu wrote:
> Hi Chevio, Hi Kolev,
>
> That is true what Kolev says - most probably you have a memory
> overwrite somewhere and you are messing up the data structure of the
> memory manager. It cannot be a race as the pkg memory is per process,
> so it is not shared.
>
> To try to catch the bug, enable memory debugger - it will try to detect
> and report mem overflow, double free, etc...See:
> http://www.opensips.org/pmwiki.php?n=Resources.DocsTsMem
> "how to handle it" chapter

Bogdan,

If you remember we have seen this before. I had a similar issue with 
segfaults in the memory allocator when using pkg_malloc. It happened in 
various cases: when building a stateless reply to a REGISTER, when 
processing a reply belonging to a transaction. It didn't seem to 
originate from one particular part of the code, but it always ended in 
f_malloc.c giving a segfault. If you remember we tried unsuccessfully to 
trace it, but we came up empty handed. It still remains a mystery where 
the memory allocator internal structures were overwritten, but the end 
result was always the same: some internal pkg_malloc pointers were 
containing remnants of ascii bytes from the processed SIP message and 
trying to dereference them resulted in a segfault. As I said, this didn't 
happen in some custom module, but all over the standard opensips code.

The only way to solve it was to switch to using the system memory 
allocator for private memory. This leads me to believe that we have a 
subtle bug in the memory allocator, that may have been dormant until now, 
but recent changes in some other part of the code may have taken it out of 
its slumber.

-- 
Dan
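As an added illustration (not code from this thread or from OpenSIPS), the toy allocator below mimics the layout the post describes: bookkeeping sits directly next to user data, so copying a SIP line into a block that is too small runs over the end marker and into the next chunk's link pointer, which then holds raw ASCII from the message. The end-marker check is the kind of test a memory debugger performs to catch such an overwrite before anything dereferences the clobbered pointer; all names are invented and the SIP line is constructed.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>
/* Toy allocator: size and a link pointer live in a header directly in front of
 * each user block, and a 4-byte end marker is written directly after it. */
#define GUARD     0xA5A5A5A5u
#define ALIGN8(n) (((n) + 7u) & ~7u)
struct chunk { uint32_t size; struct chunk *prev; };
static union { uint64_t align; unsigned char bytes[256]; } pool;
static size_t used; static struct chunk *last;

static void *toy_malloc(uint32_t size) {
    struct chunk *c = (struct chunk *)(pool.bytes + used);
    unsigned char *user = (unsigned char *)(c + 1);
    uint32_t g = GUARD;
    c->size = size; c->prev = last; last = c;
    memcpy(user + size, &g, sizeof g);          /* end marker behind the block */
    used += ALIGN8(sizeof *c + size + sizeof g);
    return user;
}
/* Debug-mode check: 1 if the end marker behind a block is still intact. */
static int guard_intact(const void *p) {
    const struct chunk *c = (const struct chunk *)p - 1;
    uint32_t g;
    memcpy(&g, (const unsigned char *)p + c->size, sizeof g);
    return g == GUARD;
}

/* Constructed SIP request line (33 bytes with NUL), not from a real capture. */
static const char SIP_LINE[] = "REGISTER sip:example.com SIP/2.0";
static int g_detected, g_ascii; static char g_link[sizeof(void *) + 1];
/* Reproduce the failure mode: the SIP line is copied into an 8-byte block and
 * runs over the end marker and into the next chunk's header. */
static void run_demo(void) {
    used = 0; last = NULL;
    char *buf = toy_malloc(8);
    struct chunk *next = (struct chunk *)toy_malloc(8) - 1; /* header after buf */
    int ok_before = guard_intact(buf);
    memcpy(buf, SIP_LINE, sizeof SIP_LINE);                 /* the overwrite */
    g_detected = ok_before && !guard_intact(buf);           /* marker catches it */
    memcpy(g_link, &next->prev, sizeof(void *));            /* raw pointer bytes */
    g_link[sizeof(void *)] = '\0';
    g_ascii = 1;
    for (size_t i = 0; i < sizeof(void *); i++)
        if (!isprint((unsigned char)g_link[i])) g_ascii = 0;
}
int overflow_detected(void) { run_demo(); return g_detected; }  /* returns 1 */
int link_is_ascii(void)     { run_demo(); return g_ascii; }     /* returns 1 */
const char *link_bytes(void) { run_demo(); return g_link; } /* " SIP/2.0" on 64-bit */
```

The link pointer is never dereferenced here; in the real allocator that dereference is the segfault the post describes, and the marker check is what turns it into a reported overflow instead.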