[sr-dev] kamailio 4.0.3 crash

Dragos Oancea droancea at yahoo.com
Thu Nov 21 19:48:41 CET 2013 

Hi

And this is the gdb output for another crash from today as well (very likely the same bug): 
http://pastebin.com/0XU2BRgS


gdb :

(gdb) frame 0
#0  qm_detach_free (qm=0x7f563a226010, size=64) at mem/q_malloc.c:269
269in mem/q_malloc.c
(gdb) 
#0  qm_detach_free (qm=0x7f563a226010, size=64) at mem/q_malloc.c:269
269in mem/q_malloc.c
(gdb) p *frag
$5 = {size = 64, u = {nxt_free = 0x7f563a3ee550, is_free = 140008321115472}}
(gdb) 
$6 = {size = 64, u = {nxt_free = 0x7f563a3ee550, is_free = 140008321115472}}
(gdb) 
$7 = {size = 64, u = {nxt_free = 0x7f563a3ee550, is_free = 140008321115472}}
(gdb) p *((char*)frag + sizeof(struct qm_frag))
$8 = 1 '\001'


Regards,
Dragos




On , Dragos Oancea <droancea at yahoo.com> wrote:
 
Hi

Here is the output:

gdb) 
(gdb) frame 0
#0  qm_detach_free (qm=0x7fd96175e010, size=112) at mem/q_malloc.c:266
266in mem/q_malloc.c
(gdb) 
#0  qm_detach_free (qm=0x7fd96175e010, size=112) at mem/q_malloc.c:266
266in mem/q_malloc.c
(gdb) p *frag
$1 = {size = 7599108840079127868, u = {nxt_free = 0x3965663931343a64, is_free = 4135824228634344036}}
(gdb) 
$2 = {size = 7599108840079127868, u = {nxt_free = 0x3965663931343a64, is_free = 4135824228634344036}}
(gdb) 
$3 = {size = 7599108840079127868, u = {nxt_free = 0x3965663931343a64, is_free = 4135824228634344036}}
(gdb) p *((char*)frag + sizeof(struct qm_frag))
$4 = 99 'c'

Is it okay to run with MEMDBG=1 in production ? Wouldn't it make it a little slow ?

Just let me know if u want so see something else with gdb. Unfortunally  I do not have SIP traces, but I have the core file and some logs.


Regards,
Dragos



On Thursday, November 21, 2013 6:50 PM, Daniel-Constantin Mierla <miconda at gmail.com> wrote:
 
Hello,

can you provde the output in gdb for:


frame 0 p *frag p *((char*)frag + sizeof(struct qm_frag)) 
There were similar reports, so apparently there is a buffer overflow somewhere.

You should update to latest git branch 4.0, because there were
      some other fixes from 4.0.3. With this occasion, you should set
      MEMDBG=1 in Makefile.defs before recompiling the new version to be
      able to catch easier the overwrites of memory.

Cheers,
Daniel

On 11/21/13 6:36 PM, Dragos Oancea wrote:

Hello
>
>
>We had this crash today with kamailio 4.0.3 .
>It ran stable for few weeks until this crash.
>
>
>GDB here:
>
>
>http://pastebin.com/rACV31z8
>
>
>
>
>
>Regards,
>Dragos
>
>
>_______________________________________________
sr-dev mailing list sr-dev at lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev 


-- 
Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio Advanced Trainings - Berlin, Nov 25-28 - more details about Kamailio trainings at http://www.asipto.com - 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20131121/d4e9b14e/attachment.html>

More information about the sr-dev mailing list