Hi,
I'm running 4.4.0:ea2033 and am seeing a crash when using route_if_exists() on a nonexistent route:
Core was generated by `/usr/local/sbin/kamailio -P /var/run/kamailio.pid -m 512 -M 8 -u evaristesys -g'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000000000456751 in do_action (h=0x7ffcce5bc4c0, a=0xf0f0f0f0, msg=0x7fba440abc80) at action.c:337
337         switch ((unsigned char)a->type){
(gdb) print a
$1 = (struct action *) 0xf0f0f0f0
(gdb) print a->type
Cannot access memory at address 0xf0f0f108
The invocation looks like this:
if(check_route_exists("AUX_RTPENGINE_OFFER_INBOUND"))
    route_if_exists("AUX_RTPENGINE_OFFER_INBOUND");
else {
    set_rtpengine_set("1");
    rtpengine_offer("replace-origin replace-session-connection ICE=remove");
}

#route[AUX_RTPENGINE_OFFER_INBOUND] {
#    xlog("L_INFO", 'action=R-AUX-RTPENGINE-OFFER-INBOUND');
#}
Uncommenting the nonexistent route has another curious effect: script execution appears to break after route[AUX_RTPENGINE_OFFER_INBOUND] executes, and nothing further happens.
Changing
route_if_exists("AUX_RTPENGINE_OFFER_INBOUND");
to
route(AUX_RTPENGINE_OFFER_INBOUND);
resolves both issues (the crash and the script execution halting). But, of course, if the route is commented out - its normal state - then Kamailio won't start since it won't allow a nonexistent identifier to be passed to route().
Some additional context:
(gdb) where
#0  0x0000000000456751 in do_action (h=0x7ffd50a0bfe0, a=0xf0f0f0f0, msg=0x7ffa8511a850) at action.c:337
#1  0x000000000046a78c in run_actions (h=0x7ffd50a0bfe0, a=0xf0f0f0f0, msg=0x7ffa8511a850) at action.c:1549
#2  0x000000000046af11 in run_top_route (a=0xf0f0f0f0, msg=0x7ffa8511a850, c=0x0) at action.c:1635
#3  0x00007ffa8187b118 in route_exists (msg=0x7ffa8511a850, route=0x7ffa85029d20 "AUX_RTPENGINE_OFFER_INBOUND") at cfgutils.c:883
#4  0x000000000045e087 in do_action (h=0x7ffd50a10760, a=0x7ffa85038650, msg=0x7ffa8511a850) at action.c:1060
#5  0x000000000046a78c in run_actions (h=0x7ffd50a10760, a=0x7ffa85038650, msg=0x7ffa8511a850) at action.c:1549
#6  0x000000000045df6e in do_action (h=0x7ffd50a10760, a=0x7ffa85039410, msg=0x7ffa8511a850) at action.c:1045
#7  0x000000000046a78c in run_actions (h=0x7ffd50a10760, a=0x7ffa850266a0, msg=0x7ffa8511a850) at action.c:1549
#8  0x000000000045aa5a in do_action (h=0x7ffd50a10760, a=0x7ffa85024688, msg=0x7ffa8511a850) at action.c:678
#9  0x000000000046a78c in run_actions (h=0x7ffd50a10760, a=0x7ffa8501ca40, msg=0x7ffa8511a850) at action.c:1549
#10 0x000000000045aa5a in do_action (h=0x7ffd50a10760, a=0x7ffa84f1b058, msg=0x7ffa8511a850) at action.c:678
#11 0x000000000046a78c in run_actions (h=0x7ffd50a10760, a=0x7ffa84f17f20, msg=0x7ffa8511a850) at action.c:1549
#12 0x000000000045aa5a in do_action (h=0x7ffd50a10760, a=0x7ffa84f15850, msg=0x7ffa8511a850) at action.c:678
#13 0x000000000046a78c in run_actions (h=0x7ffd50a10760, a=0x7ffa84f0fa58, msg=0x7ffa8511a850) at action.c:1549
#14 0x000000000045aa5a in do_action (h=0x7ffd50a10760, a=0x7ffa84ef8648, msg=0x7ffa8511a850) at action.c:678
#15 0x000000000046a78c in run_actions (h=0x7ffd50a10760, a=0x7ffa84ef6bf8, msg=0x7ffa8511a850) at action.c:1549
#16 0x000000000045df6e in do_action (h=0x7ffd50a10760, a=0x7ffa84eff920, msg=0x7ffa8511a850) at action.c:1045
#17 0x000000000046a78c in run_actions (h=0x7ffd50a10760, a=0x7ffa84eed450, msg=0x7ffa8511a850) at action.c:1549
#18 0x000000000045aa5a in do_action (h=0x7ffd50a10760, a=0x7ffa84ec1e58, msg=0x7ffa8511a850) at action.c:678
#19 0x000000000046a78c in run_actions (h=0x7ffd50a10760, a=0x7ffa84ec1e58, msg=0x7ffa8511a850) at action.c:1549
#20 0x000000000045df6e in do_action (h=0x7ffd50a10760, a=0x7ffa84ec33e0, msg=0x7ffa8511a850) at action.c:1045
#21 0x000000000046a78c in run_actions (h=0x7ffd50a10760, a=0x7ffa84ec33e0, msg=0x7ffa8511a850) at action.c:1549
#22 0x000000000045dfbc in do_action (h=0x7ffd50a10760, a=0x7ffa84ec3510, msg=0x7ffa8511a850) at action.c:1049
#23 0x000000000046a78c in run_actions (h=0x7ffd50a10760, a=0x7ffa84eab4d0, msg=0x7ffa8511a850) at action.c:1549
#24 0x000000000046af11 in run_top_route (a=0x7ffa84eab4d0, msg=0x7ffa8511a850, c=0x0) at action.c:1635
#25 0x0000000000577af3 in receive_msg (buf=0xa151c0 <buf.6676> "INVITE sip:16789540674@10.150.20.6:5060 SIP/2.0\r\nRecord-Route: sip:10.150.20.2;r2=on;lr;ftag=gK0865ef35\r\nRecord-Route: sip:209.51.167.66;r2=on;lr;ftag=gK0865ef35\r\nRecord-Route: <sip:65.254.44.194;"..., len=1293, rcv_info=0x7ffd50a10aa0) at receive.c:240
#26 0x000000000049ba80 in udp_rcv_loop () at udp_server.c:495
#27 0x0000000000521878 in main_loop () at main.c:1600
#28 0x0000000000528de5 in main (argc=13, argv=0x7ffd50a10fd8) at main.c:2616
Just for fun, I tried upgrading to the latest 4.4 HEAD (90be8b) and the crash behaviour did not change.
Hello,
can you try with the commit 6a3fc200b19500ddd6ed9a2236db6e21f777564a pushed to master? There were some improper conditions done when checking if the routing block exists. A few other issues related to the returned code were fixed.
If all is ok, then it can be backported.
Cheers, Daniel
On 12/05/16 10:56, Alex Balashov wrote:
> Just for fun, I tried upgrading to the latest 4.4 HEAD (90be8b) and the crash behaviour did not change.
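An added illustration, not Kamailio's code and not the contents of commit 6a3fc200b19500ddd6ed9a2236db6e21f777564a: the backtrace above shows route_exists() in cfgutils.c handing a=0xf0f0f0f0 to run_top_route(), and this C example shows a lookup that is fully validated before any route block is run. The table layout and the names route_table, route_lookup, route_if_exists_checked and try_route are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define RT_MAX 8                      /* hypothetical table size */

struct action { int type; const struct action *next; };

struct route_table {
    const char *names[RT_MAX];
    const struct action *blocks[RT_MAX]; /* NULL: name known, no body */
    int count;
};

/* Slot index for name, or -1 when the route is not defined. */
static int route_lookup(const struct route_table *rt, const char *name)
{
    if (rt == NULL || name == NULL) return -1;
    for (int i = 0; i < rt->count && i < RT_MAX; i++)
        if (rt->names[i] != NULL && strcmp(rt->names[i], name) == 0)
            return i;
    return -1;
}

/* Run the route only after every precondition holds. Returns 1 if it ran,
 * -1 if it is missing or empty; 0 is avoided because a 0 return stops
 * Kamailio config script execution. *ran receives the action count. */
static int route_if_exists_checked(const struct route_table *rt,
                                   const char *name, int *ran)
{
    int idx = route_lookup(rt, name);
    *ran = 0;
    if (idx < 0 || idx >= RT_MAX || rt->blocks[idx] == NULL)
        return -1;                    /* never hand a bad pointer onward */
    for (const struct action *a = rt->blocks[idx]; a != NULL; a = a->next)
        (*ran)++;                     /* stand-in for do_action() */
    return 1;
}

/* Constructed sample: MAIN has two actions, EMPTY has no body. */
static const struct action a2 = { 2, NULL };
static const struct action a1 = { 1, &a2 };
static const struct route_table sample = { { "MAIN", "EMPTY" }, { &a1, NULL }, 2 };

static int try_route(const char *name, int *ran)
{
    return route_if_exists_checked(&sample, name, ran);
}

int main(void)
{
    int ran, rc = try_route("AUX_RTPENGINE_OFFER_INBOUND", &ran);
    printf("missing route: rc=%d ran=%d\n", rc, ran);
    return 0;
}
```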
Daniel,
I can confirm that this does seem to fix the issues. Thank you very much for the rapid response and hard work as always!
Question: looking at the commit, it would appear as if much of the function had to be rewritten entirely. The initial commit of this functionality was made in early 2013:
https://github.com/kamailio/kamailio/commit/c2c4c393a3c68ed3fb6fd53a71febdd9...
Since it clearly did not work _at all_, and was _totally_ broken, I have to ask: would it be reasonable to conclude that the committer never tested it at all?
-- Alex
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
I expect that sometimes the "end point" functions (not executed by other C functions, being only available to the config) are tested only for some specific needs by the developer. Don't recall the code by heart right now, but I guess these functions should have worked fine to some extent if the route existed.
For 5.0, a better unit testing framework is planned, and eventually new config function additions will come with a few tests around them.
Thanks for reporting the results after the patch, it will be backported.
Cheers, Daniel
Daniel,
My finding was that if the route does not exist, there was a crash. :-) But it's certainly conceivable that the context of my use of the function was more exotic than the author's.
-- Alex Balashov | Principal | Evariste Systems LLC 1447 Peachtree Street NE, Suite 700 Atlanta, GA 30309 United States
Tel: +1-800-250-5920 (toll-free) / +1-678-954-0671 (direct) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
Sent from my BlackBerry.