[sr-dev] instance related crash in t_next_contacts()

Hugh Waite hugh.waite at crocodile-rcs.com
Tue Apr 9 12:49:31 CEST 2013


Hi,
I've fixed an uninitialised string in t_next_contacts which would be 
visible for non-outbound contacts (i.e. without an instance value).
It should prevent the debug crash and hopefully the append branch crash. 
Is it working correctly now?

The t_next_contacts function has not changed much since you wrote it 
(but the t_next_contact_flow has) so if the instance value was supposed 
to be present with this contact entry, I think there is an existing bug.

Hugh

On 08/04/2013 20:18, Juha Heinanen wrote:
> i'm now getting a crash in t_next_contacts(). looks like instance value
> is corrupted:
>
> (gdb) where
> #0  0x00007f3cfa608cba in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
> #1  0x00007f3cfa69a000 in __vsyslog_chk () from /lib/x86_64-linux-gnu/libc.so.6
> #2  0x00007f3cfa69a230 in syslog () from /lib/x86_64-linux-gnu/libc.so.6
> #3  0x00007f3cf79cfcd9 in t_next_contacts (msg=0x7f3cfa0b5920, key=0x0,
>      value=0x0) at t_serial.c:592
> #4  0x000000000041bd9e in do_action (h=0x7fff77f12f90, a=0x7f3cf9e66690,
>      msg=0x7f3cfa0b5920) at action.c:1074
> #5  0x0000000000424414 in run_actions (h=0x7fff77f12f90, a=0x7f3cf9e62f50,
>      msg=0x7f3cfa0b5920) at action.c:1573
> #6  0x0000000000419fd2 in do_action (h=0x7fff77f12f90, a=0x7f3cf9e4d5c0,
>      msg=0x7f3cfa0b5920) at action.c:690
> #7  0x0000000000424414 in run_actions (h=0x7fff77f12f90, a=0x7f3cf9e4d420,
>      msg=0x7f3cfa0b5920) at action.c:1573
> #8  0x000000000041bd0a in do_action (h=0x7fff77f12f90, a=0x7f3cf9e4d7c0,
>      msg=0x7f3cfa0b5920) at action.c:1065
> #9  0x0000000000424414 in run_actions (h=0x7fff77f12f90, a=0x7f3cf9e23ae0,
>      msg=0x7f3cfa0b5920) at action.c:1573
> #10 0x0000000000419fd2 in do_action (h=0x7fff77f12f90, a=0x7f3cf9e16840,
>      msg=0x7f3cfa0b5920) at action.c:690
> #11 0x0000000000424414 in run_actions (h=0x7fff77f12f90, a=0x7f3cf9e147f0,
>      msg=0x7f3cfa0b5920) at action.c:1573
> #12 0x000000000041bd0a in do_action (h=0x7fff77f12f90, a=0x7f3cf9e17860,
>      msg=0x7f3cfa0b5920) at action.c:1065
> #13 0x0000000000424414 in run_actions (h=0x7fff77f12f90, a=0x7f3cf9df5690,
>      msg=0x7f3cfa0b5920) at action.c:1573
> #14 0x0000000000419fd2 in do_action (h=0x7fff77f12f90, a=0x7f3cf9d99000,
>      msg=0x7f3cfa0b5920) at action.c:690
> #15 0x0000000000424414 in run_actions (h=0x7fff77f12f90, a=0x7f3cf9d98e60,
>      msg=0x7f3cfa0b5920) at action.c:1573
> #16 0x000000000041bd0a in do_action (h=0x7fff77f12f90, a=0x7f3cf9d99200,
>      msg=0x7f3cfa0b5920) at action.c:1065
> #17 0x0000000000424414 in run_actions (h=0x7fff77f12f90, a=0x7f3cf9d73660,
>      msg=0x7f3cfa0b5920) at action.c:1573
> #18 0x0000000000419fd2 in do_action (h=0x7fff77f12f90, a=0x7f3cf9d2e970,
>      msg=0x7f3cfa0b5920) at action.c:690
> #19 0x0000000000424414 in run_actions (h=0x7fff77f12f90, a=0x7f3cf9d1e830,
>      msg=0x7f3cfa0b5920) at action.c:1573
> #20 0x0000000000419fd2 in do_action (h=0x7fff77f12f90, a=0x7f3cf9c390c0,
>      msg=0x7f3cfa0b5920) at action.c:690
> ---Type <return> to continue, or q <return> to quit---
> #21 0x0000000000424414 in run_actions (h=0x7fff77f12f90, a=0x7f3cf9c390c0,
>      msg=0x7f3cfa0b5920) at action.c:1573
> #22 0x000000000041bd0a in do_action (h=0x7fff77f12f90, a=0x7f3cf9c391c0,
>      msg=0x7f3cfa0b5920) at action.c:1065
> #23 0x0000000000424414 in run_actions (h=0x7fff77f12f90, a=0x7f3cf9c06930,
>      msg=0x7f3cfa0b5920) at action.c:1573
> #24 0x0000000000419fd2 in do_action (h=0x7fff77f12f90, a=0x7f3cf9c04630,
>      msg=0x7f3cfa0b5920) at action.c:690
> #25 0x0000000000424414 in run_actions (h=0x7fff77f12f90, a=0x7f3cf9c04630,
>      msg=0x7f3cfa0b5920) at action.c:1573
> #26 0x000000000041bd0a in do_action (h=0x7fff77f12f90, a=0x7f3cf9c05720,
>      msg=0x7f3cfa0b5920) at action.c:1065
> #27 0x0000000000424414 in run_actions (h=0x7fff77f12f90, a=0x7f3cf9bf8da0,
>      msg=0x7f3cfa0b5920) at action.c:1573
> #28 0x0000000000424b83 in run_top_route (a=0x7f3cf9bf8da0, msg=0x7f3cfa0b5920,
>      c=0x0) at action.c:1658
> #29 0x000000000049d664 in receive_msg (
>      buf=0xa607f0 "INVITE sip:jh at test.fi SIP/2.0\r\nVia: SIP/2.0/TCP 188.67.45.249:46366;branch=z9hG4bK53dd425a53ef9f18;rport\r\nContact: <sip:0x9e4840 at 188.67.45.249:46366;transport=tcp>\r\nMax-Forwards: 16\r\nProxy-Authorizati"...,
>      len=1275, rcv_info=0x7f3cec6c0688) at receive.c:209
> #30 0x0000000000528513 in receive_tcp_msg (
>      tcpbuf=0x7f3cec6c0958 "INVITE sip:jh at test.fi SIP/2.0\r\nVia: SIP/2.0/TCP 188.67.45.249:46366;branch=z9hG4bK53dd425a53ef9f18;rport\r\nContact: <sip:0x9e4840 at 188.67.45.249:46366;transport=tcp>\r\nMax-Forwards: 70\r\nProxy-Authorizati"..., len=1275, rcv_info=0x7f3cec6c0688, con=0x7f3cec6c0670) at tcp_read.c:1218
> #31 0x00000000005292ff in tcp_read_req (con=0x7f3cec6c0670,
>      bytes_read=0x7fff77f133c0, read_flags=0x7fff77f133b8) at tcp_read.c:1373
> #32 0x000000000052ab32 in handle_io (fm=0x7f3cfa349318, events=1, idx=-1)
>      at tcp_read.c:1603
> #33 0x0000000000523d59 in io_wait_loop_epoll (h=0x8d2180, t=2, repeat=0)
>      at io_wait.h:1092
> #34 0x000000000052b3cf in tcp_receive_loop (unix_sock=42) at tcp_read.c:1714
> #35 0x000000000051e604 in tcp_init_children () at tcp_main.c:4969
> #36 0x0000000000469619 in main_loop () at main.c:1714
> #37 0x000000000046c2b4 in main (argc=17, argv=0x7fff77f13858) at main.c:2557
> (gdb)
> (gdb) frame 3
> #3  0x00007f3cf79cfcd9 in t_next_contacts (msg=0x7f3cfa0b5920, key=0x0,
>      value=0x0) at t_serial.c:592
> 592		LM_INFO("Appending branch uri-'%.*s' dst-'%.*s' path-'%.*s' inst-'%.*s'\n",
> (gdb) print instance.len
> $1 = -102546075
>
> on line 592 i changed LM_DBG to LM_INFO to find out why append_branch
> failed and crashed there.  now it is crashing already on LM_INFO.
>
> there has been lots of instance related changes in t_serial since i did
> work on it and i don't know if this bug is an old one or introduced by
> the later work.
>
> -- juha


-- 
Hugh Waite
Principal Design Engineer
Crocodile RCS Ltd.
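
Added example (not part of the thread and not the project's t_serial.c code): a sketch of the bug class discussed above, where a counted string is left unset for a contact without an instance and then reaches a `%.*s` log call. The `str` layout, `struct contact`, and the functions `str_prec`, `decode_contact` and `format_branch` are assumptions made for illustration; the sample contact is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Counted string as used for SIP values: not NUL-terminated. */
typedef struct { const char *s; int len; } str;

/* Hypothetical contact record; instance is NULL for non-outbound contacts. */
struct contact { const char *uri; const char *instance; };

/* Precision that is safe to pass for "%.*s". printf treats a negative
 * precision as if it were omitted, so a garbage negative len would make it
 * read s as a NUL-terminated string through a garbage pointer. */
int str_prec(const str *v)
{
    return (v->s != NULL && v->len > 0) ? v->len : 0;
}

/* Fill the out-parameters from a contact. Both branches write *instance, so
 * the caller never sees leftover stack contents for a missing instance. */
void decode_contact(const struct contact *c, str *uri, str *instance)
{
    uri->s = c->uri;
    uri->len = (int)strlen(c->uri);
    if (c->instance != NULL) {
        instance->s = c->instance;
        instance->len = (int)strlen(c->instance);
    } else {
        instance->s = NULL;
        instance->len = 0;
    }
}

/* Build a log line shaped like the one at the crash site. */
int format_branch(char *out, size_t outlen, const struct contact *c)
{
    str uri = {NULL, 0}, instance = {NULL, 0}; /* initialised at declaration */
    decode_contact(c, &uri, &instance);
    return snprintf(out, outlen, "uri-'%.*s' inst-'%.*s'",
                    str_prec(&uri), uri.s ? uri.s : "",
                    str_prec(&instance), instance.s ? instance.s : "");
}

int main(void)
{
    char line[128];
    struct contact plain = {"sip:alice@example.test", NULL}; /* constructed */
    format_branch(line, sizeof line, &plain);
    puts(line);
    return 0;
}
```

Building with `-Wall -Wextra` (which enables `-Wmaybe-uninitialized` in GCC at `-O1` and above) or running under Valgrind or MemorySanitizer is a practical way to catch the unset-on-one-branch variant before it shows up as a crash inside `vfprintf`.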



