[sr-dev] [tracker] Comment added: Double Free -- Crash/Coredump and possible security vulnerability
sip-router
admin at sip-router.org
Tue Nov 8 04:52:36 CET 2011
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task has a new comment added:
FS#173 - Double Free -- Crash/Coredump and possible security vulnerability
User who did this - Bayan Towfiq (btowfiq)
----------
It is still crashing with a similar backtrace: Here is a new backtrace:
(gdb) bt full
#0 0x00007f43d474aa75 in raise () from /lib/libc.so.6
No symbol table info available.
#1 0x00007f43d474e5c0 in abort () from /lib/libc.so.6
No symbol table info available.
#2 0x0000000000534708 in qm_free (qm=0x7f43bc853000, p=0x7f43bcb4be30, file=0x7f43cd0c6dff "dialog: dlg_hash.c", func=0x7f43cd0c7162 "destroy_dlg", line=217) at mem/q_malloc.c:458
f = 0x7f43bcb4be00
size = <value optimized out>
#3 0x00007f43cd0ad351 in destroy_dlg (dlg=0x7f43bcb4bbe8) at dlg_hash.c:217
ret = <value optimized out>
__FUNCTION__ = "destroy_dlg"
#4 0x00007f43cd0af735 in unref_dlg (dlg=0x7f43bcb4bbe8, cnt=0) at dlg_hash.c:597
d_entry = 0x7f43bcafb380
#5 0x00007f43d27d45bd in free_cell (dead_cell=0x7f43bcb91f08) at h_table.c:175
b = <value optimized out>
i = <value optimized out>
rpl = <value optimized out>
tt = <value optimized out>
foo = <value optimized out>
cbs = 0x7f43bcb6fba8
__FUNCTION__ = "free_cell"
#6 0x00007f43d27f091b in wait_handler (ti=<value optimized out>, wait_tl=<value optimized out>, data=<value optimized out>) at timer.c:676
p_cell = 0x7f43bcb91f08
#7 0x000000000051f4fd in timer_list_expire () at timer.c:894
tl = 0x7f43bcb91f88
ret = <value optimized out>
#8 timer_handler () at timer.c:959
saved_ticks = 790137305
run_slow_timer = <value optimized out>
#9 timer_main () at timer.c:998
No locals.
#10 0x000000000046454f in main_loop () at main.c:1655
i = 8
pid = <value optimized out>
si = 0x0
si_desc = "udp receiver child=7 sock=70.167.153.130:5160\000\000\000\000\000@\020", '\000' <repeats 12 times>, "\016\b\000\000\000\000\000\000\000\270\337\364\352\351\304!&\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\300\v\215\000\000\000\000\000\"\000\000\000\000\000\000\000\000\000@\020", '\000' <repeats 11 times>
#11 0x0000000000465dd2 in main (argc=11, argv=0x7fff3e203ff8) at main.c:2475
cfg_stream = <value optimized out>
c = <value optimized out>
r = <value optimized out>
tmp = 0x7fff3e205e83 ""
tmp_len = 0
port = <value optimized out>
proto = <value optimized out>
ret = <value optimized out>
seed = 1312519318
rfd = <value optimized out>
debug_save = 272629760
debug_flag = 34
dont_fork_cnt = 0
n_lst = 0x10400000
p = <value optimized out>
(gdb)
----------
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=173#comment336
You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
More information about the sr-dev
mailing list