[sr-dev] Segmentation fault when MSRP frame is received

Tue Oct 9 00:53:37 CEST 2012

Hi,

I've been trying to get MSRP working with the code in git master.  I get a
segmentation fault when I send in an MSRP frame.  The frame I am using is
the example from the module README:

MSRP 6aef SEND
To-Path: msrps://a.example.org:9000/kjfjan;tcp
msrps://b.example.net:9000/aeiug;tcp msrps://bob.example.net:8145/foo;tcp
From-Path: msrps://alice.example.org:7965/bar;tcp
Success-Report: yes
Byte-Range: 1-*/*
Message-ID: 87652
Content-Type: text/plain

Hi Bob, I'm about to send you a photo.
-------6aef$

I have put this into a text file (with \r\n line endings) and am using nc
to feed it into Kamailio.  My MSRP event_route[] is also copied directly
from the module README.

This is the back-trace from GDB:
Program terminated with signal 11, Segmentation fault.
#0  0x00007f604f6dfd00 in pv_get_msrp (msg=0x7f604f8e7700,
param=0x7f60573cb1f0, res=0x7fffed403b90) at msrp_vars.c:269
269				return pv_get_uintval(msg, param, res, sar->size-1);
(gdb) bt
#0  0x00007f604f6dfd00 in pv_get_msrp (msg=0x7f604f8e7700,
param=0x7f60573cb1f0, res=0x7fffed403b90) at msrp_vars.c:269
#1  0x000000000048a6ca in pv_get_spec_value (msg=0x7f604f8e7700,
sp=0x7f60573cb1d8, value=0x7fffed403b90) at pvapi.c:1233
#2  0x00000000004b7bf0 in rval_get_int (h=0x7fffed404a10, msg=<value
optimized out>, i=0x7fffed403e5c, rv=<value optimized out>, cache=<value
optimized out>)
    at rvalue.c:974
#3  0x00000000004bc22c in rval_expr_eval_int (h=0x7fffed404a10,
msg=0x7f604f8e7700, res=0x7fffed403e5c, rve=0x7f60573cb1c8) at
rvalue.c:1914
#4  0x00000000004bc3a9 in rval_expr_eval_int (h=0x7fffed404a10,
msg=0x7f604f8e7700, res=0x7fffed4042b8, rve=0x7f60573cbf68) at
rvalue.c:1947
#5  0x0000000000415f4c in do_action (h=0x7fffed404a10, a=0x7f60573cd6d8,
msg=0x7f604f8e7700) at action.c:1123
#6  0x000000000041c586 in run_actions (h=0x7fffed404a10, a=0x7f60573cd6d8,
msg=0x7f604f8e7700) at action.c:1646
#7  0x0000000000415fa3 in do_action (h=0x7fffed404a10, a=0x7f60573d1e88,
msg=0x7f604f8e7700) at action.c:1142
#8  0x000000000041c586 in run_actions (h=0x7fffed404a10, a=0x7f60573ba538,
msg=0x7f604f8e7700) at action.c:1646
#9  0x000000000041cbc0 in run_top_route (a=0x7f60573ba538,
msg=0x7f604f8e7700, c=<value optimized out>) at action.c:1731
#10 0x00007f604f6d769e in msrp_frame_received (data=<value optimized out>)
at msrp_mod.c:377
#11 0x0000000000512d49 in msrp_process_msg (
    tcpbuf=0x7f6050576a28 "MSRP 6aef SEND\r\nTo-Path:
msrps://a.example.org:9000/kjfjan;tcp
msrps://b.example.net:9000/aeiug;tcp
msrps://bob.example.net:8145/foo;tcp\r\nFrom-Path:
msrps://alice.example.org:7965/bar;tcp\r\nSuccess-Rep"..., len=330,
rcv_info=0x7f6050576758, con=0x7f6050576740) at tcp_read.c:1010
#12 0x00000000005176df in tcp_read_req (con=0x7f6050576740,
bytes_read=0x7fffed404d98, read_flags=0x7fffed404d94) at tcp_read.c:1380
#13 0x0000000000519630 in handle_io (fm=<value optimized out>,
events=<value optimized out>, idx=<value optimized out>) at
tcp_read.c:1552
#14 0x000000000051bae9 in io_wait_loop_epoll (unix_sock=<value optimized
out>) at io_wait.h:1092
#15 tcp_receive_loop (unix_sock=<value optimized out>) at tcp_read.c:1721
#16 0x00000000004ec0eb in tcp_init_children () at tcp_main.c:4953
#17 0x0000000000466789 in main_loop () at main.c:1722
#18 0x000000000046819c in main (argc=<value optimized out>, argv=<value
optimized out>) at main.c:2563

Regards,

Peter

-- 
Peter Dunkley
Technical Director
Crocodile RCS Ltd