[OpenSIPS-Users] segfault in codecs.c during call back

Bobby Smith bobby.smith at gmail.com
Thu Dec 2 23:52:55 CET 2010


On revision 7081 (opensips trunk), we've run into a couple of situations
where cores were generated from a segfault.  They both look the same,
contents attached.


#0  backup () at codecs.c:104
104                             int n = old->len;
(gdb) bt full
#0  backup () at codecs.c:104
        l = 0x79d8b0
        old = 0x0
        n = <value optimized out>
        len = 1
        i = 0
        __FUNCTION__ = "backup"
#1  0x00002b0d01fb00e1 in pre_route_callback (msg=0x2b0d01b8b140,
param=0x79caf0) at codecs.c:169
No locals.
#2  0x000000000046d9be in exec_post_cb (msg=0x2b0d01b8b140) at
script_cb.c:198
No locals.
#3  exec_pre_route_cb (msg=0x2b0d01b8b140) at script_cb.c:231
No locals.
#4  0x0000000000412153 in run_top_route (a=0x794e70, msg=0x2b0d01b8b140) at
action.c:181
        bk_action_flags = 0
        bk_rec_lev = 0
#5  0x00002b0d0197777f in run_failure_handlers (Trans=0x2b0d03954950,
new_code=<value optimized out>, branch=<value optimized out>,
should_store=0x7fff00703b58, should_relay=0x7fff00703b5c,
cancel_bitmap=<value optimized out>,
    reply=0x796cc0) at t_reply.c:613
        faked_req = {id = 6, first_line = {type = 1, len = 53, u = {request
= {method = {
                  s = 0x2b0d0395bb00 "OPTIONS
sip:100 at internal-sip.mycompany.com
<sip%3A100 at internal-sip.mycompany.com>SIP/2.0\r\nRecord-Route:
<sip:4.2.46.245;lr=on;ftag=6364386232656635313363340133363632373934353030>\r\nVia:
SIP/2.0/UDP 4.2.46.245;branch=z9hG4bK8702.83"..., len = 7}, uri = {
                  s = 0x2b0d0395bb08
"sip:100 at internal-sip.mycompany.com<sip%3A100 at internal-sip.mycompany.com>SIP/2.0\r\nRecord-Route:
<sip:4.2.46.245;lr=on;ftag=6364386232656635313363340133363632373934353030>\r\nVia:
SIP/2.0/UDP 4.2.46.245;branch=z9hG4bK8702.83cfa2a.0\r"..., len = 35},
version = {
                  s = 0x2b0d0395bb2c "SIP/2.0\r\nRecord-Route:
<sip:4.2.46.245;lr=on;ftag=6364386232656635313363340133363632373934353030>\r\nVia:
SIP/2.0/UDP 4.2.46.245;branch=z9hG4bK8702.83cfa2a.0\r\nVia: SIP/2.0/UDP
109.104.88.29:5064"..., len = 7}, method_value = 32}, reply = {version = {
                  s = 0x2b0d0395bb00 "OPTIONS
sip:100 at internal-sip.mycompany.com
<sip%3A100 at internal-sip.mycompany.com>SIP/2.0\r\nRecord-Route:
<sip:4.2.46.245;lr=on;ftag=6364386232656635313363340133363632373934353030>\r\nVia:
SIP/2.0/UDP 4.2.46.245;branch=z9hG4bK8702.83"..., len = 7}, status = {
                  s = 0x2b0d0395bb08
"sip:100 at internal-sip.mycompany.com<sip%3A100 at internal-sip.mycompany.com>SIP/2.0\r\nRecord-Route:
<sip:4.2.46.245;lr=on;ftag=6364386232656635313363340133363632373934353030>\r\nVia:
SIP/2.0/UDP 4.2.46.245;branch=z9hG4bK8702.83cfa2a.0\r"..., len = 35}, reason
= {
                  s = 0x2b0d0395bb2c "SIP/2.0\r\nRecord-Route:
<sip:4.2.46.245;lr=on;ftag=6364386232656635313363340133363632373934353030>\r\nVia:
SIP/2.0/UDP 4.2.46.245;branch=z9hG4bK8702.83cfa2a.0\r\nVia: SIP/2.0/UDP
109.104.88.29:5064"..., len = 7}, statuscode = 32}}}, via1 = 0x2b0d0395bdf8,
via2 = 0x2b0d0395bf70, headers = 0x2b0d0395bd68, last_header =
0x2b0d0395c530, parsed_flag = 18446744073709551615, h_via1 = 0x2b0d0395bdb0,
h_via2 = 0x2b0d0395bf28,
          callid = 0x2b0d0395c4e8, to = 0x2b0d0395c240, cseq =
0x2b0d0395c470, from = 0x2b0d0395c168, contact = 0x2b0d0395c428, maxforwards
= 0x2b0d0395c530, route = 0x0, record_route = 0x2b0d0395bd68, path = 0x0,
content_type = 0x0,
          content_length = 0x2b0d0395c120, authorization = 0x0, expires =
0x0, proxy_auth = 0x0, supported = 0x0, proxy_require = 0x0, unsupported =
0x0, allow = 0x0, event = 0x0, accept = 0x2b0d0395c1b0, accept_language =
0x0,
          organization = 0x0, priority = 0x0, subject = 0x0, user_agent =
0x2b0d0395c1f8, content_disposition = 0x0, accept_disposition = 0x0,
diversion = 0x0, rpid = 0x0, refer_to = 0x0, session_expires = 0x0, min_se =
0x0, ppi = 0x0,
          pai = 0x0, privacy = 0x0, sdp = 0x0, multi = 0x0, eoh =
0x2b0d0395bd63 "\r\n", unparsed = 0x2b0d0395bd63 "\r\n", rcv = {src_ip = {af
= 2, len = 4, u = {addrl = {4113468365, 7}, addr32 = {4113468365, 0, 7, 0},
addr16 = {35789,
                  62766, 0, 0, 7, 0, 0, 0}, addr =
"Í.\365\000\000\000\000\a\000\000\000\000\000\000"}}, dst_ip = {af = 2, len
= 4, u = {addrl = {2519632845, 0}, addr32 = {2519632845, 0, 0, 0}, addr16 =
{35789, 38446, 0, 0, 0, 0, 0,
                  0}, addr = "Í.\226", '\000' <repeats 11 times>}}, src_port
= 5060, dst_port = 5060, proto = 1, proto_reserved1 = 0, proto_reserved2 =
0, src_su = {s = {sa_family = 2,
                sa_data = "\023\304Í.\365\000\000\000\000\000\000\000"}, sin
= {sin_family = 2, sin_port = 50195, sin_addr = {s_addr = 4113468365},
sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2,
                sin6_port = 50195, sin6_flowinfo = 4113468365, sin6_addr =
{in6_u = {u6_addr8 = '\000' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0,
0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, bind_address =
0x795ca0},
          buf = 0x2b0d0395bb00 "OPTIONS
sip:100 at internal-sip.mycompany.com<sip%3A100 at internal-sip.mycompany.com>SIP/2.0\r\nRecord-Route:
<sip:4.2.46.245;lr=on;ftag=6364386232656635313363340133363632373934353030>\r\nVia:
SIP/2.0/UDP 4.2.46.245;branch=z9hG4bK8702.83"..., len = 613, new_uri = {s =
0x79c4f0 "sip:100 at internal-sip.mycompany.com<sip%3A100 at internal-sip.mycompany.com>",
len = 35}, dst_uri = {s = 0x0, len = 0}, parsed_uri_ok = 0, parsed_uri =
{user = {
              s = 0x2b0d0395bb0c
"100 at internal-sip.mycompany.comSIP/2.0\r\nRecord-Route:
<sip:4.2.46.245;lr=on;ftag=6364386232656635313363340133363632373934353030>\r\nVia:
SIP/2.0/UDP 4.2.46.245;branch=z9hG4bK8702.83cfa2a.0\r\nVia"..., len = 3},
passwd = {s = 0x0, len = 0}, host = {
              s = 0x2b0d0395bb10
"internal-sip.mycompany.comSIP/2.0\r\nRecord-Route:
<sip:4.2.46.245;lr=on;ftag=6364386232656635313363340133363632373934353030>\r\nVia:
SIP/2.0/UDP 4.2.46.245;branch=z9hG4bK8702.83cfa2a.0\r\nVia: SI"..., len =
27}, port = {s = 0x0, len = 0}, params = {s = 0x0, len = 0}, headers = {s =
0x0, len = 0}, port_no = 0, proto = 0, type = SIP_URI_T, transport = {s =
0x0, len = 0}, ttl = {s = 0x0, len = 0}, user_param = {s = 0x0,
              len = 0}, maddr = {s = 0x0, len = 0}, method = {s = 0x0, len =
0}, lr = {s = 0x0, len = 0}, r2 = {s = 0x0, len = 0}, transport_val = {s =
0x0, len = 0}, ttl_val = {s = 0x0, len = 0}, user_param_val = {s = 0x0, len
= 0},
            maddr_val = {s = 0x0, len = 0}, method_val = {s = 0x0, len = 0},
lr_val = {s = 0x0, len = 0}, r2_val = {s = 0x0, len = 0}},
parsed_orig_ruri_ok = 0, parsed_orig_ruri = {user = {s = 0x0, len = 0},
passwd = {s = 0x0,
              len = 0}, host = {s = 0x0, len = 0}, port = {s = 0x0, len =
0}, params = {s = 0x0, len = 0}, headers = {s = 0x0, len = 0}, port_no = 0,
proto = 0, type = ERROR_URI_T, transport = {s = 0x0, len = 0}, ttl = {s =
0x0,
              len = 0}, user_param = {s = 0x0, len = 0}, maddr = {s = 0x0,
len = 0}, method = {s = 0x0, len = 0}, lr = {s = 0x0, len = 0}, r2 = {s =
0x0, len = 0}, transport_val = {s = 0x0, len = 0}, ttl_val = {s = 0x0, len =
0},
            user_param_val = {s = 0x0, len = 0}, maddr_val = {s = 0x0, len =
0}, method_val = {s = 0x0, len = 0}, lr_val = {s = 0x0, len = 0}, r2_val =
{s = 0x0, len = 0}}, add_rm = 0x0, body_lumps = 0x0, reply_lump = 0x0,
          add_to_branch_s = '\000' <repeats 57 times>, add_to_branch_len =
0, hash_index = 8312, flags = 0, msg_flags = 32, set_global_address = {s =
0x0, len = 0}, set_global_port = {s = 0x0, len = 0}, force_send_socket =
0x0,
          path_vec = {s = 0x0, len = 0}, msg_cb = 0x0}
        __FUNCTION__ = "run_failure_handlers"
#6  t_should_relay_response (Trans=0x2b0d03954950, new_code=<value optimized
out>, branch=<value optimized out>, should_store=0x7fff00703b58,
should_relay=0x7fff00703b5c, cancel_bitmap=<value optimized out>,
reply=0x796cc0)
    at t_reply.c:911
        branch_cnt = 1
        picked_code = <value optimized out>
        inv_through = <value optimized out>
        do_cancel = 0
        __FUNCTION__ = "t_should_relay_response"
#7  0x00002b0d01979392 in relay_reply (t=0x79c678, p_msg=0x796cc0,
branch=7354464, msg_status=404, cancel_bitmap=0x79d8b0) at t_reply.c:1125
        relay = <value optimized out>

l = 0x79d8b0save_clone = <value optimized out>
        buf = <value optimized out>
        res_len = 0
        relayed_code = 404
        relayed_msg = <value optimized out>
        bm = {to_tag_val = {s = 0x7fff00703c3c "", len = -1}}
        totag_retr = <value optimized out>
        reply_status = RPS_ERROR
        uas_rb = <value optimized out>
        cb_s = {s = 0x796cc0 "\005", len = 7704384}
        text = {s = 0x500000000796cc0 <Address 0x500000000796cc0 out of
bounds>, len = 528}
        __FUNCTION__ = "relay_reply"
#8  0x00002b0d0197a980 in reply_received (p_msg=0x796cc0) at t_reply.c:1494
        msg_status = 404
        branch = 7354464
        reply_status = <value optimized out>
        timer = <value optimized out>
        cancel_bitmap = 0
        uac = 0x2b0d03954b28
        t = 0x2b0d03954950
        backup_list = 0x0
        __FUNCTION__ = "reply_received"
#9  0x0000000000421e98 in forward_reply (msg=0x796cc0) at forward.c:561
        new_buf = <value optimized out>
        to = <value optimized out>
        new_len = <value optimized out>
        mod = 0x7849f8
        proto = <value optimized out>
        id = <value optimized out>
        send_sock = <value optimized out>
        len = <value optimized out>
        __FUNCTION__ = "forward_reply"
#10 0x00000000004570c2 in receive_msg (
    buf=0x758f40 "SIP/2.0 404 Not Found\r\nVia: SIP/2.0/UDP
4.2.46.150;branch=z9hG4bK8702.d1287257.0;rport=5060\r\nVia: SIP/2.0/UDP
4.2.46.245;branch=z9hG4bK8702.83cfa2a.0\r\nVia: SIP/2.0/UDP
109.104.88.29:5064;recei"...,
    len=528, rcv_info=0x7fff00703d20) at receive.c:200
        msg = 0x79c678
        __FUNCTION__ = "receive_msg"
#11 0x000000000049be14 in udp_rcv_loop () at udp_server.c:492
        len = 528
        tmp = 0x13c4 <Address 0x13c4 out of bounds>
        from = <value optimized out>
        fromlen = 16
        ri = {src_ip = {af = 2, len = 4, u = {addrl = {3526265805, 6},
addr32 = {3526265805, 0, 6, 0}, addr16 = {35789, 53806, 0, 0, 6, 0, 0, 0},
addr = "Í.\322\000\000\000\000\006\000\000\000\000\000\000"}}, dst_ip = {af
= 2,
            len = 4, u = {addrl = {2519632845, 0}, addr32 = {2519632845, 0,
0, 0}, addr16 = {35789, 38446, 0, 0, 0, 0, 0, 0}, addr = "Í.\226", '\000'
<repeats 11 times>}}, src_port = 5060, dst_port = 5060, proto = 1,
          proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {sa_family
= 2, sa_data = "\023\304Í.\322\000\000\000\000\000\000\000"}, sin =
{sin_family = 2, sin_port = 50195, sin_addr = {s_addr = 3526265805},
              sin_zero = "\000\000\000\000\000\000\000"}, sin6 =
{sin6_family = 2, sin6_port = 50195, sin6_flowinfo = 3526265805, sin6_addr =
{in6_u = {u6_addr8 = '\000' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0,
0, 0, 0},
                  u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}},
bind_address = 0x795ca0}
        p = 0x0
        buf = "SIP/2.0 404 Not Found\r\nVia: SIP/2.0/UDP
4.2.46.150;branch=z9hG4bK8702.d1287257.0;rport=5060\r\nVia: SIP/2.0/UDP
4.2.46.245;branch=z9hG4bK8702.83cfa2a.0\r\nVia: SIP/2.0/UDP
109.104.88.29:5064;recei"...
        __FUNCTION__ = "udp_rcv_loop"
#12 0x000000000042a65d in main_loop (argc=3, argv=<value optimized out>) at
main.c:818
        i = 1
        pid = <value optimized out>
        si = 0x0
        startup_done = 0x0
        chd_rank = 6
        __FUNCTION__ = "main_loop"
#13 main (argc=3, argv=<value optimized out>) at main.c:1388
        cfg_log_stderr = <value optimized out>
        cfg_stream = 0xf8d0010
        c = <value optimized out>
        r = <value optimized out>

        old = 0x0
        n = <value optimized out>
        len = 1
        i = 0
        __FUNCTION__ = "backup"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20101202/e407816b/attachment-0001.htm>


More information about the Users mailing list