[OpenSER-Devel] [ openser-Bugs-1921630 ] dialog: crash in dlg_timer_routine
SourceForge.net
noreply at sourceforge.net
Wed Apr 2 00:20:56 CEST 2008
Bugs item #1921630, was opened at 2008-03-20 14:48
Message generated for change (Comment added) made by nobody
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1921630&group_id=139143
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: ver 1.3.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Ovidiu Sas (osas)
Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: dialog: crash in dlg_timer_routine
Initial Comment:
openser 1.3.0
# openser -V
version: openser 1.3.0-notls (i386/linux)
flags: STATS: Off, USE_IPV6, USE_TCP, DISABLE_NAGLE, USE_MCAST, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
svnrevision: 2:3907M
@(#) $Id: main.c 3590 2008-01-28 17:46:56Z bogdan_iancu $
main.c compiled on 20:43:57 Mar 10 2008 with gcc 4.1.2
(gdb) bt
#0 0x001c6622 in dlg_timer_routine (ticks=484221, attr=0x0) at dlg_timer.c:194
#1 0x080c84ca in start_timer_processes () at timer.c:275
#2 0x0806c0fb in main (argc=5, argv=0xbf904c64) at main.c:873
(gdb) list
189
190 if (tl==end && d_timer->first.next->prev) {
191 ret = 0;
192 } else {
193 ret = d_timer->first.next;
194 tl->prev->next = 0;
195 d_timer->first.next = tl;
196 tl->prev = &d_timer->first;
197 }
198
(gdb) print tl
$1 = (struct dlg_tl *) 0x9897e8c8
(gdb) print tl->prev
$2 = (struct dlg_tl *) 0x0
(gdb)
Regards,
Ovidiu Sas
----------------------------------------------------------------------
Comment By: Nobody/Anonymous (nobody)
Date: 2008-04-01 15:20
Message:
Logged In: NO
another crash:
(gdb) bt
#0 0x004c6622 in dlg_timer_routine (ticks=337654, attr=0x0) at dlg_timer.c:194
#1 0x080c84ca in start_timer_processes () at timer.c:275
#2 0x0806c0fb in main (argc=5, argv=0xbfe413f4) at main.c:873
(gdb) print tl
$1 = (struct dlg_tl *) 0x98a53068
(gdb) print tl->prev
$2 = (struct dlg_tl *) 0x0
----------------------------------------------------------------------
Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2008-03-31 03:31
Message:
Logged In: YES
user_id=1275325
Originator: NO
Hi Ovidiu,
Looks like some corruption of the dialog timer list - I will take a look at this.
Thanks and regards,
Bogdan
----------------------------------------------------------------------
Comment By: Ovidiu Sas (osas)
Date: 2008-03-20 17:22
Message:
Logged In: YES
user_id=1395524
Originator: YES
hmmm ... another crash:
Program terminated with signal 11, Segmentation fault.
#0 0x0094a58f in dlg_timer_routine (ticks=9816, attr=0x0) at dlg_timer.c:184
184 while( tl!=end && tl->timeout <= time) {
(gdb) bt
#0 0x0094a58f in dlg_timer_routine (ticks=9816, attr=0x0) at dlg_timer.c:184
#1 0x080c84ca in start_timer_processes () at timer.c:275
#2 0x0806c0fb in main (argc=5, argv=0xbfe11964) at main.c:873
(gdb) list
179 lock_get( d_timer->lock);
180
181 end = &d_timer->first;
182 tl = d_timer->first.next;
183 LM_DBG("start with %p (%d) at %d\n", tl,tl->timeout,time);
184 while( tl!=end && tl->timeout <= time) {
185 LM_DBG("getting %p with %d\n", tl,tl->timeout);
186 tl->prev = 0;
187 tl=tl->next;
188 }
(gdb) print tl
$1 = <value optimized out>
(gdb) print tl->timeout
Cannot access memory at address 0x8
struct dlg_tl
{
struct dlg_tl *next;
struct dlg_tl *prev;
volatile unsigned int timeout;
};
It seems that tl is NULL.
----------------------------------------------------------------------
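The listings in this thread imply a circular list closed by the sentinel d_timer->first, and both crash sites dereference a NULL link (tl at dlg_timer.c:184, tl->prev at dlg_timer.c:194). The following C check is an added example, not part of the original report and not OpenSER code: it walks such a list and reports the first broken link before anything dereferences it. The struct is the one posted above; dlg_tl_check, the tl_check codes and the max_nodes bound are hypothetical names, and the sample list in main is constructed.

```c
#include <stddef.h>

/* Node layout as posted in the report. */
struct dlg_tl {
    struct dlg_tl *next;
    struct dlg_tl *prev;
    volatile unsigned int timeout;
};

/* Hypothetical result codes for this example, not OpenSER identifiers. */
enum tl_check { TL_OK, TL_NULL_NEXT, TL_NULL_PREV, TL_BAD_BACKLINK, TL_NO_END };

/*
 * Walk the circular list from the sentinel `head` and verify every link the
 * timer routine would dereference. `max_nodes` bounds the walk in case the
 * list never returns to the sentinel. On failure *bad is the node holding
 * the broken link; on success it is NULL.
 */
enum tl_check dlg_tl_check(struct dlg_tl *head, size_t max_nodes,
                           struct dlg_tl **bad)
{
    struct dlg_tl *prev = head, *tl = head->next;
    size_t n;

    for (n = 0; n <= max_nodes; n++) {
        *bad = prev;
        if (tl == NULL)
            return TL_NULL_NEXT;     /* tl->timeout would fault (line 184) */
        *bad = tl;
        if (tl->prev == NULL)
            return TL_NULL_PREV;     /* tl->prev->next would fault (line 194) */
        if (tl->prev != prev)
            return TL_BAD_BACKLINK;  /* prev does not point at predecessor */
        if (tl == head) {
            *bad = NULL;
            return TL_OK;            /* back at the sentinel, list is closed */
        }
        prev = tl;
        tl = tl->next;
    }
    return TL_NO_END;
}

/* Constructed sample: sentinel plus two nodes, second node's prev cleared. */
int main(void)
{
    struct dlg_tl head, a, b, *bad;
    head.next = &a; a.next = &b; b.next = &head;
    head.prev = &b; b.prev = NULL; a.prev = &head;
    head.timeout = 0; a.timeout = 10; b.timeout = 20;
    return dlg_tl_check(&head, 16, &bad) == TL_NULL_PREV ? 0 : 1;
}
```

A check like this is only meaningful while the list lock is held, as the routine in the listing does with lock_get( d_timer->lock).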