[sr-dev] Segfault in current kamailio/pv module

Richard Fuchs rfuchs at sipwise.com
Tue Jan 8 19:26:15 CET 2013


Hi all, Daniel,

We've identified a subtle segfault condition in pv module, caused by:

1) tr_eval_string() setting val->rs.s to a constant and read-only ""
(empty string) under certain circumstances in two locations (pv_trans.c
lines 387 and 409),

followed by

2) pv_set_ruri() and others then trying to write to val->rs.s (e.g.
pv_core.c line 1823).

This results in a segfault due to modification of read-only memory.
However, I'm unsure about the fix: if val->rs.s is allowed to be
read-only, then no attempts should be made to modify it; otherwise, if
val->rs.s is assumed to be always writable, then the constant empty
string assignment must be removed.

I'll take care of committing the fix once I know which one of the two
choices is the right one.

cheers
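
The two repair strategies the mail weighs, sketched as an added example (not kamailio code; `sval_t`, `eval_empty_writable`, `ensure_writable` and `terminate_in_place` are hypothetical stand-ins for the pv module's value type, the producer and the in-place writer):

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical pointer+length string value, standing in for val->rs. */
typedef struct { char *s; int len; } sval_t;

/* Defect pattern from the mail: an empty result is produced by pointing
 * at a string literal. Any later write through val->s is undefined
 * behaviour and, on most platforms, a segfault (read-only segment). */
static void eval_empty_literal(sval_t *val) {
    val->s = "";
    val->len = 0;
}

/* Choice 1: val->s may be read-only, so a consumer must copy into memory
 * it owns before writing. Returns -1 if scratch is too small. */
static int ensure_writable(sval_t *val, char *scratch, size_t cap) {
    if ((size_t)val->len >= cap) return -1;
    memcpy(scratch, val->s, (size_t)val->len);
    scratch[val->len] = '\0';
    val->s = scratch;
    return 0;
}

/* A consumer that writes in place, as pv_set_ruri() is described to do,
 * made safe by copying first. */
static int terminate_in_place(sval_t *val, char *scratch, size_t cap) {
    if (ensure_writable(val, scratch, cap) < 0) return -1;
    val->s[val->len] = '\0';   /* safe: val->s now points at scratch */
    return 0;
}

/* Choice 2: val->s is always writable, so the producer must never hand
 * out a literal; the empty result gets a caller-supplied buffer. */
static int eval_empty_writable(sval_t *val, char *buf, size_t cap) {
    if (cap < 1) return -1;
    buf[0] = '\0';
    val->s = buf;
    val->len = 0;
    return 0;
}
```

Whichever choice is adopted, the invariant (who may write to val->rs.s) has to hold on both sides; mixing a literal-returning producer with an in-place writer is exactly the reported crash.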
