[sr-dev] [ openser-Bugs-2797928 ] Segfaults in dialog_update_db

SourceForge.net noreply at sourceforge.net
Thu May 28 15:54:11 CEST 2009


Bugs item #2797928, was opened at 2009-05-28 15:54
Message generated for change (Tracker Item Submitted) made by axlh
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2797928&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: ver 1.5.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Alex Hermann (axlh)
Assigned to: Nobody/Anonymous (nobody)
Summary: Segfaults in dialog_update_db

Initial Comment:
dialog_update_db() is very crashy. It doesn't do any sanity checks on pointers and as a consequence crashes a lot.

I've seen at least 2 occasions at which it crashes:

1) Calling dlg_manage() on a non-invite message

2) Worse, on an invalid message. When a 200 OK is missing a contact header, I get error messages from populate_leg_info():
ERROR:dialog:populate_leg_info: bad sip message or missing Contact hdr
ERROR:dialog:dlg_onreply: could not add further info to the dialog

But afterwards dialog_update_db segfaults on an invalid bind_addr, from the backtrace:

(gdb) bt
#0  0xb783c41a in dialog_update_db (ticks=771000, param=0x0) at dlg_db_handler.c:629
#1  0x080a9726 in start_timer_processes () at timer.c:282
#2  0x08069b38 in main (argc=10, argv=0xbfc6f2d4) at main.c:816

Line 629 is for my version:  SET_STR_VALUE(values+8, cell->bind_addr[DLG_CALLEE_LEG]->sock_str);

(gdb) bt full
<snip>
{type = DB_STR, nul = 0, free = -1282894544, val = {int_val = 178, ll_val = -5201380350948802382, double_val = -7.7990737395388139e-40, time_val = 178, string_val = 0xb2 "", str_val = {s = 0xb2 "", len = -1211040735}, blob_val = {s = 0xb2 "", len = -1211040735}, bitmap_val = 178}}
<snip>

----------------------------------------------------------------------
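
The missing check on line 629 described in the report, as an added example that is not part of the original report and not the project's code. The types are simplified stand-ins named after the identifiers in the backtrace, db_val_sketch and set_sock_value() are hypothetical, and the guard assumes an unpopulated leg holds NULL (a garbage pointer cannot be caught this way, so the cell must be zeroed at creation).

```c
#include <stddef.h>

/* Simplified stand-ins for the module's types (hypothetical, not the real headers). */
typedef struct { char *s; int len; } str;
struct socket_info { str sock_str; };
enum { DLG_CALLER_LEG = 0, DLG_CALLEE_LEG = 1 };
struct dlg_cell { struct socket_info *bind_addr[2]; };
typedef struct { int nul; str str_val; } db_val_sketch;

/* Fill one DB value from a leg's socket string. When the leg was never
 * populated, mark the column NULL instead of dereferencing the pointer.
 * Returns 0 when a real value was stored, -1 when the column was nulled. */
static int set_sock_value(db_val_sketch *v, const struct dlg_cell *cell, int leg)
{
    const struct socket_info *si = NULL;

    if (cell != NULL && leg >= DLG_CALLER_LEG && leg <= DLG_CALLEE_LEG)
        si = cell->bind_addr[leg];

    /* Default to a NULL column so every early return leaves v consistent. */
    v->nul = 1;
    v->str_val.s = NULL;
    v->str_val.len = 0;

    if (si == NULL || si->sock_str.s == NULL || si->sock_str.len <= 0)
        return -1;

    v->nul = 0;
    v->str_val = si->sock_str;
    return 0;
}

/* Constructed scenario: caller leg populated, callee leg left unset, as
 * after populate_leg_info() fails on a 200 OK with no Contact header. */
static int demo_missing_callee(void)
{
    static char sock[] = "udp:192.0.2.10:5060";   /* constructed sample value */
    struct socket_info caller = { { sock, (int)sizeof(sock) - 1 } };
    struct dlg_cell cell = { { &caller, NULL } };
    db_val_sketch values[2];
    int rc_caller = set_sock_value(&values[0], &cell, DLG_CALLER_LEG);
    int rc_callee = set_sock_value(&values[1], &cell, DLG_CALLEE_LEG);

    return rc_caller == 0 && values[0].str_val.len == 19 &&
           rc_callee == -1 && values[1].nul == 1;
}

int main(void) { return demo_missing_callee() ? 0 : 1; }
```
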
