[sr-dev] Crash bug freeing To headers

Alex Balashov abalashov at evaristesys.com
Wed Aug 28 09:47:37 CEST 2013 

On 08/28/2013 03:43 AM, Daniel-Constantin Mierla wrote:

> Hello,
>
> one more thing, in frame 0, do:
>
> p *prev

In the core dump whose 'bt full' output I put into pastebin, right?

In the case of this crash (with the head/tail message with MEMDBG=1), 
the backtrace was a bit more conventional:

(gdb) where
#0  0x0000003dbae328a5 in raise () from /lib64/libc.so.6
#1  0x0000003dbae34085 in abort () from /lib64/libc.so.6
#2  0x000000000053c4c1 in qm_debug_frag (qm=0x7f99b6e80010, 
f=0x7f99b713d008)
     at mem/q_malloc.c:161
#3  0x000000000053de76 in qm_free (qm=0x7f99b6e80010, p=0x7f99b713d038,
     file=0x6165b1 "<core>: parser/parse_to.c", func=0x617e40 "free_to",
     line=839) at mem/q_malloc.c:462
#4  0x00000000005657fd in free_to (tb=0x7f99b713d038) at 
parser/parse_to.c:839
#5  0x0000000000544ee5 in clean_hdr_field (hf=0x7f99b6eea038)
     at parser/hf.c:113
#6  0x000000000054515a in free_hdr_field_lst (hf=0x7f99b6ee94f0)
     at parser/hf.c:223
#7  0x00000000005499e5 in free_sip_msg (msg=0x7f99b713b778)
     at parser/msg_parser.c:729
#8  0x000000000049f89d in receive_msg (
     buf=0x910e20 "SIP/2.0 480 Temporarily Unavailable\r\nVia: 
SIP/2.0/UDP 55.177.31.199;branch=z9hG4bK5d98.917ccf34.0\r\nVia: 
SIP/2.0/UDP 
208.94.157.10:5060;branch=z9hG4bK-2d1a-521da9d0-89ce197-48a5d43\r\nRecord-Route: 
<sip:"..., len=860,
     rcv_info=0x7fffd1c69db0) at receive.c:296
#9  0x0000000000532665 in udp_rcv_loop () at udp_server.c:557
#10 0x00000000004688a1 in main_loop () at main.c:1638
#11 0x000000000046b84a in main (argc=13, argv=0x7fffd1c6a0e8) at main.c:2566

I did wander into frame 3 here and printed the dereferenced value of 
'prev' as requested:

(gdb) frame 3
#3  0x000000000053de76 in qm_free (qm=0x7f99b6e80010, p=0x7f99b713d038,
     file=0x6165b1 "<core>: parser/parse_to.c", func=0x617e40 "free_to",
     line=839) at mem/q_malloc.c:462
462		qm_debug_frag(qm, f);
(gdb) print *prev
$1 = {size = 16160473784116415304, u = {nxt_free = 0x48bf7500e07d8348,
     is_free = 5242037137909318472},
   file = 0x1c880c748d8458b <Address 0x1c880c748d8458b out of bounds>,
   func = 0x8348000000000000 <Address 0x8348000000000000 out of bounds>,
   line = 9892250880904472772, check = 9892183985613198309}

-- Alex

-- 
Alex Balashov - Principal
Evariste Systems LLC
235 E Ponce de Leon Ave
Suite 106
Decatur, GA 30030
United States
Tel: +1-678-954-0670
Web: http://www.evaristesys.com/, http://www.alexbalashov.com/

More information about the sr-dev mailing list