[sr-dev] [tracker] Comment added: Crash in kamailio core - timeout on forked destinations

[sip-router]

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

The following task has a new comment added:

FS#384 - Crash in kamailio core - timeout on forked destinations
User who did this - Hugh Waite (hugh.waite)

----------
(gdb) p t
$1 = (struct lump *) 0x73257325203a7325
(gdb) p *t
Cannot access memory at address 0x73257325203a7325
(gdb) info locals
tmp = 0x7fdf581d9b98
prev = 0x7fdf534d0a00
t = 0x73257325203a7325
list = 0x7fdf4f640ab8
__FUNCTION__ = "del_lump"
(gdb) list
329                     list=&msg->body_lumps;
330             else
331                     list=&msg->add_rm;
332             for (t=*list;t; prev=t, t=t->next){
333                     /* insert it sorted after offset */
334                     if (((t->op==LUMP_DEL)||(t->op==LUMP_NOP))&&(t->u.offset>offset))
335                             break;
336             }
337             tmp->next=t;
338             if (prev) prev->next=tmp;

prev and t are set even though *list is NULL, which makes me think msg is being freed.
The four timeout responses arrive in less than 0.1s, ACKs are sent back and the first 408 response forwards the 603 'best response'. This crash is happening when the second 408 response is apparently attempting to forward the same 603 response.

----------

More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=384#comment1247

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.