[Devel] [ openser-Bugs-1690589 ] presence module: force_active causes segfault

SourceForge.net noreply at sourceforge.net
Thu Mar 29 14:50:35 CEST 2007


Bugs item #1690589, was opened at 2007-03-29 15:50
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1690589&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: ver 1.2.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Kim Jakobsson (kjakobsson)
Assigned to: Nobody/Anonymous (nobody)
Summary: presence module: force_active causes segfault

Initial Comment:
Preconditions:

- presence module is in use
- 'force_active' module parameter is set to non-zero
- new SUBSCRIBE is received by the proxy and being handled in pending state.

This causes a core dump. It seems that in file subscribe.c, 'subs.status.s' has been dynamically allocated, but when force_active is set, the pointer is overwritten with a static string pointer in the notify handler. Later, an illegal pkg_free is applied to the pointer.

Valgrind output follows:

==8943== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==8943==  Bad permissions for mapped region at address 0x43F3B41
==8943==    at 0x80BC832: fm_free (f_malloc.c:130)
==8943==    by 0x43F0687: handle_subscribe (subscribe.c:1099)
==8943==    by 0x8051472: do_action (action.c:883)
==8943==    by 0x8053739: run_action_list (action.c:131)
==8943==    by 0x80528E8: do_action (action.c:801)
==8943==    by 0x8053739: run_action_list (action.c:131)
==8943==    by 0x80528E8: do_action (action.c:801)
==8943==    by 0x8053739: run_action_list (action.c:131)
==8943==    by 0x80539D2: run_top_route (action.c:111)
==8943==    by 0x8083344: receive_msg (receive.c:156)
==8943==    by 0x80B40A8: udp_rcv_loop (udp_server.c:465)
==8943==    by 0x806EEF7: main_loop (main.c:732)


----------------------------------------------------------------------
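The ownership problem described in the report, as an added example that is not part of the original message and is not OpenSER code: a simplified model in which the status string records whether it lives on the heap, so cleanup never frees a string literal. The names subs_model, status_is_heap and the helper functions are hypothetical, malloc/free stand in for the pkg allocator, and the "pending"/"active" values are constructed.

```c
#include <stdlib.h>
#include <string.h>

typedef struct { char *s; int len; } str;   /* counted string, as in 'subs.status.s' */

typedef struct {
    str status;
    int status_is_heap;                     /* hypothetical ownership flag */
} subs_model;

static int heap_frees;                      /* instrumentation for the demonstration */

/* Drop the current status, freeing it only if this record owns the buffer. */
static void status_release(subs_model *sub) {
    if (sub->status_is_heap && sub->status.s) { free(sub->status.s); heap_frees++; }
    sub->status.s = NULL; sub->status.len = 0; sub->status_is_heap = 0;
}

/* Store a private heap copy of val. Returns 0 on success, -1 on allocation failure. */
int status_set_copy(subs_model *sub, const char *val) {
    size_t n = strlen(val);
    char *p = malloc(n + 1);
    if (!p) return -1;
    memcpy(p, val, n + 1);
    status_release(sub);
    sub->status.s = p; sub->status.len = (int)n; sub->status_is_heap = 1;
    return 0;
}

/* Point at a string literal; any heap buffer held before is released first. */
void status_set_static(subs_model *sub, const char *lit) {
    status_release(sub);
    sub->status.s = (char *)lit; sub->status.len = (int)strlen(lit);
}

/* Models the reported flow: pending SUBSCRIBE, optional force_active, cleanup.
 * The flawed pattern is `sub.status.s = "active"; ... free(sub.status.s);`,
 * which leaks the first buffer and hands read-only memory to the allocator.
 * Returns the number of heap frees performed, or -1 on error. */
int handle_subscribe_model(int force_active) {
    subs_model sub = {{NULL, 0}, 0};
    heap_frees = 0;
    if (status_set_copy(&sub, "pending") < 0) return -1;
    if (force_active) status_set_static(&sub, "active");
    if (strcmp(sub.status.s, force_active ? "active" : "pending") != 0) return -1;
    status_release(&sub);                   /* safe for heap and static strings alike */
    return heap_frees;
}

int main(void) { return handle_subscribe_model(1) == 1 ? 0 : 1; }
```

Exactly one heap free happens on both paths: with force_active set, the dynamically allocated buffer is freed when it is replaced, and the final cleanup leaves the literal alone.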
