[OpenSIPS-Users] OpenSIPS Crash

Liviu Chircu liviu at opensips.org
Fri Jun 8 05:15:53 EDT 2018


Hi Ben,

Excellent report! I managed to reproduce the crash on first try:

Core was generated by `./opensips -m64 -M16 -f 
cfg/opensips-2.4-sipp-siptrace.cfg -w .'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f7987cd7f2a in sip_trace (msg=0x7f799817fd20, 
info=0x7f799468d5e0) at siptrace.c:1646
1646        db_vals[1].val.str_val.s = msg->callid->body.s;
(gdb) bt
#0  0x00007f7987cd7f2a in sip_trace (msg=0x7f799817fd20, 
info=0x7f799468d5e0) at siptrace.c:1646
#1  0x00007f7987cd7c8d in sip_trace_w (msg=0x7f799817fd20, 
param1=0x7f7998169110 "\001", param2=0x2 <error: Cannot access memory at 
address 0x2>, param3=0x7f79981691f8 "\001", param4=0x0) at siptrace.c:1590
#2  0x0000000000445082 in do_action (a=0x7f79981589a0, 
msg=0x7f799817fd20) at action.c:1864
#3  0x000000000043ccf7 in run_action_list (a=0x7f79981589a0, 
msg=0x7f799817fd20) at action.c:172

Quick question for you: you are sending a malformed INVITE, correct? 
Here is how mine looked like:

INVITE sip:sipp at 127.0.0.1:5060 SIP/2.0.
Via: SIP/2.0/UDP 127.0.0.1:7000;branch=z9hG4bK-1988-1-0.
From: sipp <sip:sipp at 127.0.0.1:7000>;tag=123456789.
To: sut <sip:sipp at 127.0.0.1:5060>.
CSeq: 1 INVITE.
Contact: <sip:sipp at 127.0.0.1:7000>   Call-ID: 1-1988 at 127.0.0.1.
Max-Forwards: 70.
Subject: Performance Test.
Content-Type: application/sdp.
Content-Length:   129.
.
v=0.
o=user1 53655765 2353687637 IN IP4 127.0.0.1.
s=-.
c=IN IP4 127.0.0.1.
t=0 0.
m=audio 6001 RTP/AVP 0.
a=rtpmap:0 PCMU/8000.

Notice how OpenSIPS will be unable to parse the Call-ID header field, 
hence the immediate crash in sip_trace(), as it's unable to handle a 
NULL Call-ID.

Best regards,

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 07.06.2018 22:24, Ben Newlin wrote:
>
> Hi,
>
> While running a new test scenario I encountered an OpenSIPS crash.
>
> version: opensips 2.3.3 (x86_64/linux)
>
> flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, 
> F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
>
> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, 
> MAX_URI_SIZE 1024, BUF_SIZE 65535
>
> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>
> git revision: a0bed9d
>
> main.c compiled on 21:08:28 May 16 2018 with gcc 4.8.5
>
> Logs: https://pastebin.com/3vL3rbG4 <https://pastebin.com/3vL3rbG4>
>
> BT: https://pastebin.com/tTp32ASC <https://pastebin.com/tTp32ASC>
>
> Let me know if anything else is needed.
>
> Thanks,
>
> Ben Newlin
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20180608/7ceb0761/attachment.html>


More information about the Users mailing list