[Devel] memory problem in pa module

Bogdan-Andrei Iancu bogdan at voice-system.ro
Wed Jul 20 10:04:29 CEST 2005 

Hi there,

the crash happen due a memory overwrite - you write more than is 
allocated.  The memory manager complains that the end of fragment marker 
(c0c0c0c0)  is altered to (c0c0c000) - somewhere you wrote one extra  
byte with NULL value - this is a typically mistake when coping string 
and allocating mem only for the string itself and not also for the 
string terminator ( 0 char). So if you alloc a new string with 
strlen(oldstring), make a "+1" to the allocated memory size to 
incorporate the string terminator.

regards,
bogdan

SIP爱好者 wrote:

> I modify the PA module, when SER recieve "REGISTER". It will 
> find_prentity, if no presentity found, we create a new one, and then 
> register the callback function. but when the user unregister, we get a 
> error. the detail error infomation is following.
>
> thanks.
>
> =================error infomation======================
> 9(16480) pa_handle_registration: from=sip:75 at 192.168.20.242 
> p_uri=75 at 192.168.20.242 expires=3600
> 9(16480) pa_handle_registration: find_presentity did not find presentity
> 9(16480) pa_handle_registration: create_presentity_only
> 9(16480) pa_handle_registration about to call d->reg p=0xb5457ed4 
> expires=3600 9(16480) pa_handle_registration about to return 
> 111(16482) in callback: uri=75 at 192.168.20.242 
> contact=sip:75 at 192.168.20.114:9367;transport=udp state=0
> 9(16480) new_presentity=0xb5457ed4 for uri=75 at 192.168.20.242
> 9(16480) add_presentity _p=0xb5457ed4 p_uri=75 at 192.168.20.242
> 9(16480) in callback: uri=75 at 192.168.20.242 
> contact=sip:75 at 192.168.20.114:9367;transport=udp state=1
> 9(16480) in callback callback_lock_pdomain = 1
> 9(16480) find_presence_tuple: _p=0xb5457ed4 _p->tuples=(nil)
> 9(16480) in callback after find_presence_tuple
> 9(16480) in callback before new_presence_tuple
> 9(16480) new_tuple=0xb5457f88 for aor=75 at 192.168.20.242 
> contact=sip:75 at 192.168.20.114:9367;transport=udp
> 9(16480) in callback before add_presence_tuple
> 9(16480) in callback before db_update_presentity
> 9(16480) in callback after db_update_presentity
> 9(16480) in callback leave callback
> 11(16482) in callback callback_lock_pdomain = 1
> 11(16482) find_presence_tuple: _p=0xb5457ed4 _p->tuples=0xb5457f88
> 11(16482) in callback after find_presence_tuple
> 11(16482) in callback before db_update_presentity
> 11(16482) in callback after db_update_presentity
> 11(16482) in callback leave callback
> 11(16482) BUG: qm_*: prev. fragm. tail overwritten(c0c0c000, 
> abcdefed)[0xb5457e28:0xb5457e40]!
> 0(16471) child process 16482 exited by a signal 6
> 0(16471) core was not generated
> 0(16471) INFO: terminating due to SIGCHLD
> 1(16472) INFO: signal 15 received
> 2(16473) INFO: signal 15 received
> 4(16475) INFO: signal 15 received
> 5(16476) INFO: signal 15 received
> 6(16477) INFO: signal 15 received
> 7(16478) INFO: signal 15 received
> 9(16480) INFO: signal 15 received
> 8(16479) INFO: signal 15 received
> 10(16481) INFO: signal 15 received
> 12(16483) INFO: signal 15 received
> 13(16484) INFO: signal 15 received
> 14(16485) INFO: signal 15 received
> 15(16486) INFO: signal 15 received
> 16(16487) INFO: signal 15 received
> 17(16488) INFO: signal 15 received
> 18(16489) INFO: signal 15 received
> 19(16490) INFO: signal 15 received
> 20(16491) INFO: signal 15 received
> 21(16492) INFO: signal 15 received
> 22(16493) INFO: signal 15 received
> 23(16494) INFO: signal 15 received
> 24(16495) INFO: signal 15 received
> 25(16496) INFO: signal 15 received
> 26(16497) INFO: signal 15 received
> 3(16474) INFO: signal 15 received
> 0(16471) BUG: shutdown timeout triggered, dying...
>
>
>
>
> ===============================================
> 心动在TOM,注册邮箱不后悔! 
> <http://bjcgi.163.net/cgi-bin/newreg.cgi?%0Arf=050602>
>
> 全面升级至大容量,高速度,超安全。还等什么呢! 
> <http://bjcgi.163.net/cgi-bin/newreg.cgi?%0Arf=050602>
>
> 明星送祝福(http://sr.tom.com): 周杰伦 
> <http://sr.tom.com/send.php?id=330&type=2>  蔡依林 
> <http://sr.tom.com/send.php?id=315&type=2>  王力宏 
> <http://sr.tom.com/send.php?id=257&type=2>  田震 
> <http://sr.tom.com/send.php?id=247&type=2>  代您送去生日祝福
>
> 万首金曲免费送(http://mm.tom.com/ivr/) : 你到底爱谁 
> <http://fs.tom.com/sms/ivr_song_step0.php?%0Avar=1&id=37987&user_id=3&code_id=iw4001&>  
> 千年之恋 
> <http://fs.tom.com/sms/ivr_song_step0.php?%0Avar=1&id=38205&user_id=3&code_id=iw4001&>  
> 我是真的爱你 
> <http://fs.tom.com/sms/ivr_song_step0.php?%0Avar=1&id=37938&user_id=3&code_id=is0001&>  
> 一辈子做你的女孩 
> <http://fs.tom.com/sms/ivr_song_step0.php?%0Avar=1&id=1431&user_id=3&code_id=iw4001&>
>
> 全部彩铃免费送(http://mm.tom.com/cailing/): 我发财了发财了 
> <http://fs.tom.com/sms/cailing_step0.php?%0Avar=1&id=462&songtype=1&user_id=3&code_id=000000&songprovince=%E7%94%98%E8%82%83&>  
> 你喜欢我就说嘛 
> <http://fs.tom.com/sms/cailing_step0.php?%0Avar=1&id=300&songtype=1&user_id=3&code_id=000000&songprovince=%E5%8C%97%E4%BA%AC&>  
> 两只蝴蝶 
> <http://fs.tom.com/sms/cailing_step0.php?%0Avar=1&id=1345&songtype=0&user_id=3&code_id=&songprovince=%E5%8C%97%E4%BA%AC&>  
> 冲动的惩罚 
> <http://fs.tom.com/sms/cailing_step0.php?%0Avar=1&id=376&songtype=0&user_id=3&code_id=&songprovince=%E5%8C%97%E4%BA%AC&>
> ===============================================
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Devel mailing list
>Devel at openser.org
>http://openser.org/cgi-bin/mailman/listinfo/devel
>  
>

More information about the Devel mailing list