[sr-dev] [tracker] Comment added: Double Free -- Crash/Coredump and possible security vulnerability
sip-router
admin at sip-router.org
Sun Nov 20 09:11:09 CET 2011
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task has a new comment added:
FS#173 - Double Free -- Crash/Coredump and possible security vulnerability
User who did this - Brandon Armstead (CRYY2010)
----------
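**** SEPARATE CRASH **** (full backtrace)
Summary of the trace below: while an incoming ACK is being processed in receive_msg(), the post-script callback profile_cleanup() calls unref_dlg(), which calls destroy_dlg(); the qm_free() call made from dlg_hash.c:215 then ends in abort() at mem/q_malloc.c:447. The frames are listed twice, first as a plain backtrace and then again with the locals of each frame.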
#0 0x00007f1eb16fbed5 in raise () from /lib/libc.so.6
#1 0x00007f1eb16fd3f3 in abort () from /lib/libc.so.6
#2 0x0000000000528739 in qm_free (qm=0x7f1e9a864000, p=0x7f1e9c2b28a0, file=0x7f1eaf8c26bb "dialog: dlg_hash.c", func=0x7f1eaf8c3022 "destroy_dlg", line=215) at mem/q_malloc.c:447
#3 0x00007f1eaf8aa224 in destroy_dlg (dlg=0x7f1e9cae87f8) at dlg_hash.c:215
#4 0x00007f1eaf8ac69b in unref_dlg (dlg=0x7f1e9cae87f8, cnt=518) at dlg_hash.c:584
#5 0x00007f1eaf8b1a94 in profile_cleanup (msg=<value optimized out>, flags=<value optimized out>, param=0x6) at dlg_profile.c:317
#6 0x00000000004bca91 in exec_post_script_cb (msg=0xaa93c8, type=<value optimized out>) at script_cb.c:195
#7 0x0000000000495a4d in receive_msg (
buf=0x8a4300 "ACK sip:URI at IP:5060;user=phone;transport=udp SIP/2.0\r\nRecord-Route: <sip:PROXY:5078;lr=on;ftag=7a0b74aea87281deo0>\r\nVia: SIP/2.0/UDP PROXY:5078;branch=z9hG4bK-4ab37cdb"..., len=<value optimized out>, rcv_info=0x7fffba04e9a0) at receive.c:221
#8 0x000000000051ca91 in udp_rcv_loop () at udp_server.c:532
#9 0x0000000000464bf5 in main_loop () at main.c:1560
#10 0x0000000000468063 in main (argc=<value optimized out>, argv=0x7fffba04ec68) at main.c:2410
#0 0x00007f1eb16fbed5 in raise () from /lib/libc.so.6
No symbol table info available.
#1 0x00007f1eb16fd3f3 in abort () from /lib/libc.so.6
No symbol table info available.
#2 0x0000000000528739 in qm_free (qm=0x7f1e9a864000, p=0x7f1e9c2b28a0, file=0x7f1eaf8c26bb "dialog: dlg_hash.c", func=0x7f1eaf8c3022 "destroy_dlg", line=215) at mem/q_malloc.c:447
f = <value optimized out>
size = <value optimized out>
#3 0x00007f1eaf8aa224 in destroy_dlg (dlg=0x7f1e9cae87f8) at dlg_hash.c:215
ret = <value optimized out>
__FUNCTION__ = "destroy_dlg"
#4 0x00007f1eaf8ac69b in unref_dlg (dlg=0x7f1e9cae87f8, cnt=518) at dlg_hash.c:584
d_entry = <value optimized out>
#5 0x00007f1eaf8b1a94 in profile_cleanup (msg=<value optimized out>, flags=<value optimized out>, param=0x6) at dlg_profile.c:317
No locals.
#6 0x00000000004bca91 in exec_post_script_cb (msg=0xaa93c8, type=<value optimized out>) at script_cb.c:195
cb = (struct script_cb *) 0xe0e410
flags = 2147483649
#7 0x0000000000495a4d in receive_msg (
buf=0x8a4300 "ACK sip:URI at IP:5060;user=phone;transport=udp SIP/2.0\r\nRecord-Route: <sip:PROXY:5078;lr=on;ftag=7a0b74aea87281deo0>\r\nVia: SIP/2.0/UDP PROXY:5078;branch=z9hG4bK-4ab37cdb"..., len=<value optimized out>, rcv_info=0x7fffba04e9a0) at receive.c:221
msg = (struct sip_msg *) 0xaa93c8
ctx = {rec_lev = 6, run_flags = 0, last_retcode = 0, jmp_env = {{__jmpbuf = {9420032, 5082739, 140736314272479, 0, 139769802477104, 139769812373504, 6, 4294967295}, __mask_was_saved = 9420904,
__saved_mask = {__val = {8357392, 140736314272168, 14652072, 4294967245, 139769812371096, 0, 139769810264522, 1, 0, 139771120713727, 4250091, 139769802477104, 14728624, 14652064, 139769810288658, 16}}}}}
ret = <value optimized out>
inb = {
s = 0x8a4300 "ACK sip:URI at IP:5060;user=phone;transport=udp SIP/2.0\r\nRecord-Route: <sip:PROXY:5078;lr=on;ftag=7a0b74aea87281deo0>\r\nVia: SIP/2.0/UDP PROXY:5078;branch=z9hG4bK-4ab37cdb"..., len = 729}
__FUNCTION__ = "receive_msg"
#8 0x000000000051ca91 in udp_rcv_loop () at udp_server.c:532
len = 729
from = (union sockaddr_union *) 0xdf92a0
fromlen = 16
ri = {src_ip = {af = 2, len = 4, u = {addrl = {2083402568, 6}, addr32 = {2083402568, 0, 6, 0}, addr16 = {13128, 31790, 0, 0, 6, 0, 0, 0}, addr = "H3.|\000\000\000\000\006\000\000\000\000\000\000"}},
dst_ip = {af = 2, len = 4, u = {addrl = {162653251, 0}, addr32 = {162653251, 0, 0, 0}, addr16 = {58435, 2481, 0, 0, 0, 0, 0, 0}, addr = "Cä±\t", '\0' <repeats 11 times>}}, src_port = 5078, dst_port = 5060,
proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {sa_family = 2, sa_data = "\023ÖH3.|\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 54803, sin_addr = {s_addr = 2083402568},
sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 54803, sin6_flowinfo = 2083402568, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0,
0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, bind_address = 0xe0bdb0, proto = 1 '\001'}
buf = "ACK sip:URI at IP:5060;user=phone;transport=udp SIP/2.0\r\nRecord-Route: <sip:PROXY:5078;lr=on;ftag=7a0b74aea87281deo0>\r\nVia: SIP/2.0/UDP PROXY:5078;branch=z9hG4bK-4ab37cdb"...
__FUNCTION__ = "udp_rcv_loop"
#9 0x0000000000464bf5 in main_loop () at main.c:1560
i = 5
pid = <value optimized out>
si = (struct socket_info *) 0xe0bdb0
si_desc = "udp receiver child=5 sock=67.228.177.9:5060\000\000\000\000\000°·à\000\000\000\000\000\001\000\000\000\036\177", '\0' <repeats 18 times>, "t\000\000\000\000\000\000\000\030\225\211\232\001\000\000\000\001\000\000\000\000\000\000\000\003", '\0' <repeats 22 times>
#10 0x0000000000468063 in main (argc=<value optimized out>, argv=0x7fffba04ec68) at main.c:2410
cfg_stream = (FILE *) 0x1a00010
c = <value optimized out>
r = <value optimized out>
tmp = 0x7fffba050e5f ""
Quit
----------
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=173#comment366
You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.