[Serdev] SER-0.8.14 segfaults
Andreas Granig
a.granig at inode.at
Wed Aug 11 09:45:33 UTC 2004
Hi,
Jiri Kuthan wrote:
> thanks for reporting. Please send a tarball with your source, core dump
> and configuration file to serhelp at lists.iptel.org.
Ok, will be sent ASAP.
> Just a few quick questions: are you using AVPs? What is the value of avp
> in the backtrace below?
No, I don't use AVP. This is my first contact with that...
Some backtrace analysis:
(gdb) p list
$1 = (struct usr_avp **) 0x40559ebc
(gdb) p *list
$2 = (struct usr_avp *) 0x2941
(gdb) x/10c 0x40559ebc
0x40559ebc: 65 'A' 41 ')' 0 '\0' 0 '\0' -48 'Ð' 1 '\001' 0 '\0' 0 '\0'
0x40559ec4: 0 '\0' 0 '\0'
(gdb) x/20c 0x40559eb0
0x40559eb0: 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0'
0x40559eb8: 0 '\0' 0 '\0' 0 '\0' 0 '\0' 65 'A' 41 ')' 0 '\0' 0 '\0'
0x40559ec0: -48 'Ð' 1 '\001' 0 '\0' 0 '\0'
(gdb)
Looks like there's a buffer overflow somewhere, but it doesn't seem to
be a string...
I call some external C applications with exec_msg, but if one of them
has an error, I assume SER should only get a broken pipe, shouldn't it?
>>Program terminated with signal 11, Segmentation fault.
>><snip>
>>#0 destroy_avp_list_unsafe (list=0x40559ebc) at usr_avp.c:299
>>299 avp = avp->next;
>>(gdb) backtrace
>>#0 destroy_avp_list_unsafe (list=0x40559ebc) at usr_avp.c:299
>>#1 0x42308751 in free_cell (dead_cell=0x40559310) at h_table.c:150
>>#2 0x4231a878 in delete_cell (p_cell=0x40559310, unlock=1) at timer.c:232
>>#3 0x4231a4c5 in wait_handler (attr=0x40559310) at timer.c:440
>>#4 0x42319cbe in timer_routine (ticks=11940, attr=0x0) at timer.c:901
>>#5 0x080753fb in timer_ticker () at timer.c:146
>>#6 0x080594f6 in main_loop () at main.c:1026
>>#7 0x0805b3c3 in main (argc=1076797560, argv=0xbffffdb4) at main.c:1786
Cheers,
Andy
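
Added example, not part of the original message and not SER code: a small parser for the `x/Nc` output shown in the gdb session above, reassembling the bytes at `list` into pointer-sized words to show why `*list` reads as 0x2941. It assumes 4-byte little-endian pointers (consistent with what `p *list` printed); the helper names and the plausibility heuristic are hypothetical.

```python
import re

# Sample input: the `x/10c 0x40559ebc` lines copied from the gdb session above.
GDB_DUMP = r"""0x40559ebc: 65 'A' 41 ')' 0 '\0' 0 '\0' -48 'Ð' 1 '\001' 0 '\0' 0 '\0'
0x40559ec4: 0 '\0' 0 '\0'"""

# One entry of x/c output: a signed decimal value followed by a quoted character.
BYTE_RE = re.compile(r"(-?\d+)\s+'(?:\\'|[^'])*'")

def parse_x_c(dump):
    """Return {address: unsigned byte value} parsed from gdb `x/Nc` lines."""
    mem = {}
    for line in dump.splitlines():
        m = re.match(r"\s*(0x[0-9a-fA-F]+)[^:]*:(.*)", line)
        if not m:
            continue  # prompts, blank lines
        base = int(m.group(1), 16)
        for i, value in enumerate(BYTE_RE.findall(m.group(2))):
            mem[base + i] = int(value) & 0xFF  # gdb prints signed char: -48 -> 0xd0
    return mem

def words_le(mem, start, count, size=4):
    """Reassemble up to `count` little-endian words of `size` bytes from `start`."""
    out = []
    for n in range(count):
        addr = start + n * size
        chunk = [mem.get(addr + k) for k in range(size)]
        if None in chunk:
            break  # dump does not cover the whole word
        out.append((addr, int.from_bytes(bytes(chunk), "little")))
    return out

def plausible_pointer(value, align=4, floor=0x10000):
    """Heuristic (assumption): NULL ends a list; any other pointer must be
    aligned and lie above the low, normally unmapped, pages."""
    return value == 0 or (value % align == 0 and value >= floor)

if __name__ == "__main__":
    mem = parse_x_c(GDB_DUMP)
    for addr, val in words_le(mem, 0x40559ebc, 2):
        tag = "ok" if plausible_pointer(val) else "NOT a plausible pointer"
        print(f"{addr:#010x}: {val:#010x} ({val})  {tag}")
```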