[sr-dev] [tracker] Task opened: Crash on call of m_dump() - msilio module.

Thu Jan 31 10:48:43 CET 2013

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - Stoyan Mihaylov (stoyan) 

Attached to Project - sip-router
Summary - Crash on call of m_dump() - msilio module.
Task Type - Bug Report
Category - Modules kamailio
Status - Unconfirmed
Assigned To - 
Operating System - Linux
Severity - Low
Priority - Normal
Reported Version - Development
Due in Version - Undecided
Due Date - Undecided
Details - My whole configuration is:
User client <-> Kamailio <-> Asterisk.
Calls and messages are going from user, to Kamailio then to Asterisk server (one or more), back to Kamailio and then to user.
When both clients are connected, then there are no problems with messages. When I am sending message to client who is not connected, then messages are stored. When client try to get stored messages, Kamailio crashes.
Currently, I cannot send logs, because I found problem, and I solved it on my servers - and I offer potential patch:

diff --git a/modules/msilo/msilo.c b/modules/msilo/msilo.c
index 209b309..4bda8fa 100644
--- a/modules/msilo/msilo.c
+++ b/modules/msilo/msilo.c
@@ -1125,8 +1125,16 @@ static int m_dump(struct sip_msg* msg, str* owner_s)
                        memcpy(tmp_extra_hdrs.s, extra_hdrs_str.s,
extra_hdrs_str.len);
                        memcpy(tmp_extra_hdrs.s+extra_hdrs_str.len,
str_vals[4].s, str_vals[4].len);
                } else {
-                       tmp_extra_hdrs.len = 0;
-                       tmp_extra_hdrs.s = "";
+                       tmp_extra_hdrs.len = 0;
+                       if ((tmp_extra_hdrs.s = pkg_malloc(1)) == NULL)
+                       {
+                               LM_ERR("Out of pkg memory");
+                               if (msilo_dbf.free_result(db_con, db_res) < 0)
+                                       LM_ERR("failed to free the
query result\n");
+                               msg_list_set_flag(ml, mid, MS_MSG_ERRO);
+                               goto error;
+                       }
+                       tmp_extra_hdrs.s[0]='\x0';
                }
                hdr_str.len = 1024;
                if(m_build_headers(&hdr_str, str_vals[3] /*ctype*/,
Problem appear when we attempt to free tmp_extra_hdrs.s - in case when we assigned "" to it.
Although I allocate (in patch) 1 byte, I set tmp_extra_hdrs.len = 0; to avoid adding wrong headers. When I set tmp_extra_hdrs.len = 1; - I got errors processing message (but no crash of Kamailio).
This problem and patch is found in version 3.3.3 and in development version also.


More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=267

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

