THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task has a new comment added: FS#173 - Double Free -- Crash/Coredump and possible security vulnerability User who did this - Brandon Armstead (CRYY2010) ---------- Dialog New Ref *** CRASH *** [New process 22271] #0 0x00007f6d164e8ad2 in dlg_lookup (h_entry=2849, h_id=1192025086) at dlg_hash.c:442 442 if (h_entry>=d_table->size) (gdb) bt #0 0x00007f6d164e8ad2 in dlg_lookup (h_entry=2849, h_id=1192025086) at dlg_hash.c:442 #1 0x00007f6d164e0725 in unref_dlg_from_cb (t=<value optimized out>, type=1192025086, param=0x7fff21c7a460) at dlg_handlers.c:964 #2 0x00007f6d1673db19 in run_trans_callbacks_internal (cb_lst=0x7f6d017c9b20, type=32768, trans=0x7f6d017c9ab0, params=0x7fff21c7a460) at t_hooks.c:290 #3 0x00007f6d1673dd86 in run_trans_callbacks (type=32768, trans=<value optimized out>, req=0x0, rpl=0x7f6d1670cc68, code=0) at t_hooks.c:317 #4 0x00007f6d167238c6 in free_cell (dead_cell=0x7f6d017c9ab0) at h_table.c:152 #5 0x00007f6d16723af0 in free_hash_table () at h_table.c:443 #6 0x00007f6d16734875 in tm_shutdown () at t_funcs.c:126 #7 0x00000000004e068f in destroy_modules () at sr_module.c:783 #8 0x00000000004655d0 in cleanup (show_status=1) at main.c:564 #9 0x00000000004662a4 in shutdown_children (sig=<value optimized out>, show_status=1) at main.c:706 #10 0x0000000000466c7b in handle_sigs () at main.c:797 #11 0x0000000000467bb6 in main_loop () at main.c:1741 #12 0x000000000046b22c in main (argc=<value optimized out>, argv=0x7fff21c7a888) at main.c:2508 (gdb) bt full #0 0x00007f6d164e8ad2 in dlg_lookup (h_entry=2849, h_id=1192025086) at dlg_hash.c:442 dlg = <value optimized out> d_entry = <value optimized out> #1 0x00007f6d164e0725 in unref_dlg_from_cb (t=<value optimized out>, type=1192025086, param=0x7fff21c7a460) at dlg_handlers.c:964 dlg = <value optimized out> iuid = (dlg_iuid_t *) 0xb21 #2 0x00007f6d1673db19 in run_trans_callbacks_internal (cb_lst=0x7f6d017c9b20, type=32768, trans=0x7f6d017c9ab0, params=0x7fff21c7a460) at t_hooks.c:290 cbp = (struct tm_callback *) 0x7f6d018fe5e8 backup_from = (avp_list_t *) 0x8d0310 backup_to = (avp_list_t *) 0x8d0318 backup_dom_from = (avp_list_t *) 0x8d0320 backup_dom_to = (avp_list_t *) 0x8d0328 backup_uri_from = (avp_list_t *) 0x8d0300 backup_uri_to = (avp_list_t *) 0x8d0308 backup_xavps = (sr_xavp_t **) 0x8d0410 #3 0x00007f6d1673dd86 in run_trans_callbacks (type=32768, trans=<value optimized out>, req=0x0, rpl=0x7f6d1670cc68, code=0) at t_hooks.c:317 params = {req = 0x0, rpl = 0x0, param = 0x7f6d018fe5f8, code = 0, flags = 0, branch = 0, t_rbuf = 0x0, dst = 0x0, send_buf = {s = 0x0, len = 0}} #4 0x00007f6d167238c6 in free_cell (dead_cell=0x7f6d017c9ab0) at h_table.c:152 b = <value optimized out> i = <value optimized out> rpl = <value optimized out> tt = <value optimized out> foo = <value optimized out> cbs = <value optimized out> __FUNCTION__ = "free_cell" #5 0x00007f6d16723af0 in free_hash_table () at h_table.c:443 p_cell = (struct cell *) 0xb21 tmp_cell = (struct cell *) 0x7f6d0164cd18 __FUNCTION__ = "free_hash_table" #6 0x00007f6d16734875 in tm_shutdown () at t_funcs.c:126 No locals. #7 0x00000000004e068f in destroy_modules () at sr_module.c:783 t = <value optimized out> foo = (struct sr_module *) 0x7f6d1832f810 __FUNCTION__ = "destroy_modules" #8 0x00000000004655d0 in cleanup (show_status=1) at main.c:564 memlog = <value optimized out> __FUNCTION__ = "cleanup" #9 0x00000000004662a4 in shutdown_children (sig=<value optimized out>, show_status=1) at main.c:706 No locals. #10 0x0000000000466c7b in handle_sigs () at main.c:797 chld = 0 chld_status = 139 memlog = <value optimized out> #11 0x0000000000467bb6 in main_loop () at main.c:1741 i = 8 pid = <value optimized out> si = (struct socket_info *) 0x0 si_desc = "udp receiver child=7 sock=67.228.177.9:5060\000\000\000\000\000`+\205\030m\177\000\000\001\000\000\000m\177\000\000\016\b", '\0' <repeats 22 times>, "\001\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\003\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\b\000\000\000\000\000\000" #12 0x000000000046b22c in main (argc=<value optimized out>, argv=0x7fff21c7a888) at main.c:2508 ---Type <return> to continue, or q <return> to quit---q ---------- More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=173#comment3… You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.