[sr-dev] 3.3 presence crash

Juha Heinanen jh at tutpro.com
Wed Jun 13 21:55:32 CEST 2012


Hugh Waite writes:

> I see that core_hash has moved from /lib/kcore/hash_func.h (in 3.2) to 
> /hashes.h but I think the algorithm is the same one. Maybe pua is 
> passing a null or uninitialised string?

after getting the debug symbols, i see this:

(gdb) where
#0  0x00007fe3b4db0f9f in core_hash (s1=0x7fe3b1866a01, s2=0x0, size=512)
    at ../../hashes.h:279
#1  0x00007fe3b4db233f in publ_cback_func (t=0x7fe3b1866d20, type=1024, 
    ps=0x7fffa7086230) at send_publish.c:246
#2  0x00007fe3b9834907 in run_trans_callbacks_internal (cb_lst=0x7fe3b1866d90, 
    type=1024, trans=0x7fe3b1866d20, params=0x7fffa7086230) at t_hooks.c:290
#3  0x00007fe3b9834a19 in run_trans_callbacks (type=1024, 
    trans=0x7fe3b1866d20, req=0x0, rpl=0x7fe3b9d78c88, code=200)
    at t_hooks.c:317
#4  0x00007fe3b985c6fa in local_reply (t=0x7fe3b1866d20, p_msg=0x7fe3b9d78c88, 
    branch=0, msg_status=200, cancel_data=0x7fffa7086490) at t_reply.c:2001
#5  0x00007fe3b985db30 in reply_received (p_msg=0x7fe3b9d78c88)
    at t_reply.c:2350
#6  0x000000000044fee5 in forward_reply (msg=0x7fe3b9d78c88) at forward.c:790
#7  0x0000000000489180 in receive_msg (
    buf=0x7fe3b1868350 "SIP/2.0 200 OK\r\nVia: SIP/2.0/TCP 192.98.103.10:8080;branch=z9hG4bK2d38.cbac1124", '0' <repeats 24 times>, ".0;received=127.0.0.1\r\nTo: sip:jh at vm.test.fi;tag=4a664ec84c547b2d0bc0fe8965f834e4-d075\r\nFrom: sip"..., len=461, rcv_info=0x7fe3b1868088) at receive.c:270
#8  0x0000000000501a8c in receive_tcp_msg (
    tcpbuf=0x7fe3b1868350 "SIP/2.0 200 OK\r\nVia: SIP/2.0/TCP 192.98.103.10:8080;branch=z9hG4bK2d38.cbac1124", '0' <repeats 24 times>, ".0;received=127.0.0.1\r\nTo: sip:jh at vm.test.fi;tag=4a664ec84c547b2d0bc0fe8965f834e4-d075\r\nFrom: sip"..., len=461, rcv_info=0x7fe3b1868088, con=0x7fe3b1868070) at tcp_read.c:1044
#9  0x0000000000502740 in tcp_read_req (con=0x7fe3b1868070, 
    bytes_read=0x7fffa708693c, read_flags=0x7fffa7086938) at tcp_read.c:1231
#10 0x0000000000503759 in handle_io (fm=0x7fe3b9d66740, events=1, idx=-1)
    at tcp_read.c:1403
#11 0x00000000004fe363 in io_wait_loop_epoll (h=0x897ce0, t=2, repeat=0)
    at io_wait.h:1092
#12 0x0000000000504431 in tcp_receive_loop (unix_sock=20) at tcp_read.c:1572
#13 0x00000000004f9920 in tcp_init_children () at tcp_main.c:4952
#14 0x000000000045c9fb in main_loop () at main.c:1718
#15 0x000000000045f29c in main (argc=16, argv=0x7fffa7086de8) at main.c:2546

at frame #1, i see:

(gdb) frame 1
#1  0x00007fe3b4db233f in publ_cback_func (t=0x7fe3b1866d20, type=1024, 
    ps=0x7fffa7086230) at send_publish.c:246
246		hash_code= core_hash(hentity->pres_uri, NULL, HASH_SIZE);
(gdb) print hentity->pres_uri
$1 = (str *) 0x7fe3b1866a01

looks like that str does not point to anything real:

(gdb) print hentity->pres_uri.len
$3 = 1835890035
(gdb) print hentity->pres_uri.s
$4 = 0x2d6567617373656d <Address 0x2d6567617373656d out of bounds>

-- juha
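Added example (not code from this mail or from the Kamailio sources): it decodes the two values gdb printed for hentity->pres_uri as the bytes they occupy on a little-endian x86-64 host, assuming Kamailio's str layout of a char pointer followed by an int length. Both words turn out to be printable ASCII, which is the signature of a str that has been overwritten by string data (for instance via a stale or freed hentity) rather than of a random bit error; the decoder below is a general check that can be pointed at any suspicious pointer/length pair from a core dump.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values copied from the gdb session above. */
#define PRES_URI_S_VALUE   0x2d6567617373656dULL
#define PRES_URI_LEN_VALUE 1835890035u

/* Write the low `nbytes` bytes of `word` into `out` in the order they sit in
 * memory on a little-endian host (least significant byte first), replacing
 * non-printable bytes with '.'.  Returns how many bytes were printable. */
static size_t word_as_ascii(uint64_t word, size_t nbytes, char *out, size_t outlen)
{
    size_t printable = 0, i;
    if (nbytes >= outlen)
        nbytes = outlen - 1;
    for (i = 0; i < nbytes; i++) {
        unsigned char c = (unsigned char)(word >> (8 * i));
        if (isprint(c)) {
            out[i] = (char)c;
            printable++;
        } else {
            out[i] = '.';
        }
    }
    out[nbytes] = '\0';
    return printable;
}

/* Heuristic: if the pointer word and the length word are both entirely
 * printable text, the str was almost certainly overwritten by a string. */
static int looks_like_string_data(uint64_t s, uint32_t len)
{
    char a[9], b[5];
    return word_as_ascii(s, 8, a, sizeof a) == 8 &&
           word_as_ascii(len, 4, b, sizeof b) == 4;
}

int main(void)
{
    char s_text[9], len_text[5];
    word_as_ascii(PRES_URI_S_VALUE, 8, s_text, sizeof s_text);
    word_as_ascii(PRES_URI_LEN_VALUE, 4, len_text, sizeof len_text);
    printf("pres_uri.s   bytes: \"%s\"\n", s_text);
    printf("pres_uri.len bytes: \"%s\"\n", len_text);
    printf("verdict: %s\n",
           looks_like_string_data(PRES_URI_S_VALUE, PRES_URI_LEN_VALUE)
               ? "str overwritten by string data" : "not obviously text");
    return 0;
}
```

The address 0x7fe3b1866a01 that hentity->pres_uri itself holds is not pointer-aligned either, which fits the same picture of hentity pointing into the middle of some buffer rather than at a live ua_pres structure.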