Hi We experimented a crash with kamailio 4.0.5 , it looks like a memory corruption. After an analyse of the core file, it appears that it crashed while doing a str2int transformation (trying to convert the value of myvar to int): if (($(dlg_var("myvar"){s.int}) == 0) && some_other_condition ) { do_something(); } gdb output: (gdb) frame 4 #4 0x00000000004bcb77 in rval_get_btype (h=0x7fffd69713d0, msg=0x7ffc8a58a4d0, rv=0x7ffc8a3dfc18, val_cache=0x7fffd69706a0) at rvalue.c:418 418in rvalue.c (gdb) i loc r_avp = 0x7fffd69709b0 tmp_avp_val = {n = -1975661232, s = {s = 0x7ffc8a3dcd50 "\034\001", len = -1973902128}, re = 0x7ffc8a3dcd50} avpv = 0x7fffd6970928 tmp_pval = {rs = {s = 0x7ffc8a5b86e0 "route[MAIN]: call-id=52e8c2b553540db4 from=987654321 to=+1234567890 : ACK ip=10.0.x.x", len = -1975658024}, ri = -694745968, flags = 32767} pv = 0x7fffd69706a8 tmp = RV_NONE ptype = 0x7ffc8a58a4d0 __FUNCTION__ = "rval_get_btype" (gdb) p *pv $8 = {rs = {s = 0x7069736f58652820 <Address 0x7069736f58652820 out of bounds>, len = 775106354}, ri = 0, flags = 4} (gdb) p val_cache->c.pval $9 = {rs = {s = 0x7069736f58652820 <Address 0x7069736f58652820 out of bounds>, len = 775106354}, ri = 0, flags = 4} <- the value of s is invalid, it's a string from a SIP message. Full GDB backtrace and info locals here : kamailio 4.0.5 crash - memory corruption ? - Pastebin.com <http://pastebin.com/9S06nsyd> image <http://pastebin.com/9S06nsyd> kamailio 4.0.5 crash - memory corruption ? - Pastebin.co... <http://pastebin.com/9S06nsyd> (gdb) bt full #0 0x00007ffc822851e8 in str2sint (_s=0x7fffd69706a8, _r=0x7fffd69706b8) at ../../ut.h:681 i = 0 sign = 1 View on pastebin.com <http://pastebin.com/9S06nsyd> Preview by Yahoo I still have the core file and I can help with further analysis . Regards, Dragos PS: Kamailio still rocks. _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users