[OpenSIPS-Users] Core dump in svn head

Wed Oct 13 19:46:28 CEST 2010

Over the past couple weeks I have been getting occasional segfaults just
prior to (or perhaps in the process of) a t_relay() in my failure_route.
Still haven't gotten to the bottom of the root cause in my config, but I
was able to find and fix the symptomatic code in the
pre_print_uac_request() function in t_fwd.c (based on Bogdan's previous
fix for a similar problem).

Backtrace:
#0  0xb763ba55 in memcpy () from /lib/tls/i686/cmov/libc.so.6
#1  0xb72ede1d in pre_print_uac_request (t=0x972ddf78, branch=1,
request=0x972cec64) at t_fwd.c:177
#2  0xb72eeac0 in add_uac (t=0x972ddf78, request=0x7fffffff,
uri=0xbf8a250c, next_hop=0xbf8a2514, path=0xb7315100, proxy=0x0) at
t_fwd.c:401
#3  0xb72efbc0 in t_forward_nonack (t=0x972ddf78, p_msg=0xb7314de0,
proxy=0x0) at t_fwd.c:660
#4  0xb72fbdbf in w_t_relay (p_msg=0xb7314de0, proxy=0x0, flags=<value
optimized out>) at tm.c:1116
#5  0x08057810 in do_action (a=0x819f924, msg=0xb7314de0) at
action.c:1155
#6  0x080557ff in run_action_list (a=0x819e7cc, msg=0xb7314de0) at
action.c:140
#7  0x0805981e in do_action (a=0x819fed4, msg=0xb7314de0) at
action.c:821
#8  0x080557ff in run_action_list (a=0x819e584, msg=0xb7314de0) at
action.c:140
#9  0x0805981e in do_action (a=0x81a0390, msg=0xb7314de0) at
action.c:821
#10 0x080557ff in run_action_list (a=0x819d588, msg=0xb7314de0) at
action.c:140
#11 0x0805aef1 in run_top_route (a=0x819d588, msg=0xb7314de0) at
action.c:120
#12 0xb7304c2c in t_should_relay_response (Trans=0x972ddf78,
new_code=408, branch=0, should_store=0xbf8a3094,
should_relay=0xbf8a3098, cancel_bitmap=0xbf8a30e8, reply=0xffffffff)
    at t_reply.c:621
#13 0xb730683d in relay_reply (t=0x972ddf78, p_msg=0xffffffff, branch=0,
msg_status=408, cancel_bitmap=0xbf8a30e8) at t_reply.c:1133
#14 0xb72f21e5 in fake_reply (t=0x972ddf78, branch=0, code=408) at
timer.c:259
#15 0xb72f3dd7 in timer_routine (ticks=3285, attr=0x0) at timer.c:365
#16 0x080c12c0 in start_timer_processes () at timer.c:325
#17 0x0806e37e in main (argc=Cannot access memory at address 0x7fffffff
) at main.c:872

Here is the patch to fix:

Index: modules/tm/t_fwd.c
===================================================================

--- modules/tm/t_fwd.c  (revision 7259)
+++ modules/tm/t_fwd.c  (working copy)
@@ -166,7 +166,7 @@
                        -request->REQ_METHOD);
 
        /* copy dst_uri into branch (after branch route possible updated
it) */
-       if (request->dst_uri.len) {
+       if ( request->dst_uri.s && request->dst_uri.len>0 ) {
                t->uac[branch].duri.s =
                        shm_resize(t->uac[branch].duri.s,
request->dst_uri.len);
                if (t->uac[branch].duri.s==NULL) {


After the code change and a recompile, the following lines appear in my
logs, whereas previously at this spot OpenSIPS crashed:

Oct 12 16:04:13 sipdev1 /usr/sbin/opensips[31245]: ERROR:core:parse_uri:
uri too short: <> (-1) 
Oct 12 16:04:13 sipdev1 /usr/sbin/opensips[31245]: ERROR:tm:uri2proxy:
bad_uri: (null) 
Oct 12 16:04:13 sipdev1 /usr/sbin/opensips[31245]:
ERROR:tm:t_forward_nonack: failure to add branches 
Oct 12 16:04:13 sipdev1 /usr/sbin/opensips[31245]: ERROR:tm:w_t_relay:
t_forward_nonack failed

Dave.

