New subject: [kamailio/kamailio] pv: crash when retriving a pv value (#808)

30 Sep 2016


      ```
Reading symbols from kamailio...Reading symbols from /usr/lib/debug/.build-id/10/824757bd1066806f2e19310929e17a9009a991.debug...done.
done.
[New LWP 5583]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/kamailio -f /etc/kamailio/proxy/kamailio.cfg -P /var/run/kamailio/kam'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  xavp_get_internal (name=0x7f486b2f7568, list=<optimized out>, idx=0, prv=0x0) at xavp.c:265
265	xavp.c: No such file or directory.
(gdb) bt
#0  xavp_get_internal (name=0x7f486b2f7568, list=<optimized out>, idx=0, prv=0x0) at xavp.c:265
#1  0x00007f486306b8b3 in pv_get_xavp (msg=0x7f4866d8e5f0, param=0x7f486b2f7768, res=0x7ffceb21ed90)
    at pv_xavp.c:134
#2  0x000000000058f96e in pv_get_spec_value (msg=0x7f4866d8e5f0, sp=0x7f486b2f7750, 
    value=0x7ffceb21ed90) at pvapi.c:1307
#3  0x00007f479badb45d in lua_sr_pv_get (L=0x2b46aa0) at app_lua_sr.c:906
...
(gdb) f 3
#3  0x00007f479badb45d in lua_sr_pv_get (L=0x2b46aa0) at app_lua_sr.c:906
906	app_lua_sr.c: No such file or directory.
(gdb) p pvn
$5 = {s = 0x2c47588 "$xavp(caller_dom_prefs=>dummy)", len = 30}
(gdb) f 2
#2  0x000000000058f96e in pv_get_spec_value (msg=0x7f4866d8e5f0, sp=0x7f486b2f7750, 
    value=0x7ffceb21ed90) at pvapi.c:1307
1307	pvapi.c: No such file or directory.
(gdb) p sp
$6 = (pv_spec_p) 0x7f486b2f7750
(gdb) p *sp
$7 = {type = PVT_XAVP, getf = 0x7f486306b810 <pv_get_xavp>, setf = 0x7f486306c640 <pv_set_xavp>, 
  pvp = {pvn = {type = 1, nfree = 0x0, u = {isname = {type = 1798272592, name = {n = 0, s = {
              s = 0x0, len = 0}, re = 0x0}}, dname = 0x7f486b2f7650}}, pvi = {type = 0, u = {
        ival = 0, dval = 0x0}}}, trans = 0x0}
(gdb) f 1
#1  0x00007f486306b8b3 in pv_get_xavp (msg=0x7f4866d8e5f0, param=0x7f486b2f7768, res=0x7ffceb21ed90)
    at pv_xavp.c:134
134	pv_xavp.c: No such file or directory.
(gdb) p xname
$8 = (pv_xavp_name_t *) 0x7f486b2f7650
(gdb) p *xname
$9 = {name = {s = 0x7f486b2f77b6 "caller_dom_prefs=>dummy)", len = 16}, index = {type = PVT_NONE, 
    getf = 0x0, setf = 0x0, pvp = {pvn = {type = 0, nfree = 0x0, u = {isname = {type = 0, name = {
              n = 0, s = {s = 0x0, len = 0}, re = 0x0}}, dname = 0x0}}, pvi = {type = 0, u = {
          ival = 0, dval = 0x0}}}, trans = 0x0}, next = 0x7f486b2f7568}
(gdb) p *xname->next
$10 = {name = {s = 0x7f486b2f77c8 "dummy)", len = 5}, index = {type = PVT_NONE, getf = 0x0, 
    setf = 0x0, pvp = {pvn = {type = 0, nfree = 0x0, u = {isname = {type = 0, name = {n = 0, s = {
                s = 0x0, len = 0}, re = 0x0}}, dname = 0x0}}, pvi = {type = 0, u = {ival = 0, 
          dval = 0x0}}}, trans = 0x0}, next = 0x0}
(gdb) p avp
$11 = <optimized out>
(gdb) p avp->val
value has been optimized out
(gdb) p avp->val.v
value has been optimized out
(gdb) p avp->val.v.xavp
value has been optimized out
```
Relevant code?
```
static sr_xavp_t *xavp_get_internal(str *name, sr_xavp_t **list, int idx, sr_xavp_t **prv)
{
    sr_xavp_t *avp;
    unsigned int id;
    int n = 0;
if(name==NULL || name->s==NULL)
    	return NULL;
    id = get_hash1_raw(name->s, name->len);
    
    if(list && *list)
    	avp = *list;
    else
    	avp = *_xavp_list_crt;
    while(avp)
    {
    	if(avp->id==id && avp->name.len==name->len
    			&& strncmp(avp->name.s, name->s, name->len)==0)
    	{
    		if(idx==n)
    			return avp;
    		n++;
    	}
    	if(prv)
    		*prv = avp;
    	avp = avp->next;
    }
    return NULL;
}
```
-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/808