[sr-dev] Crash bug freeing To headers

Alex Balashov abalashov at evaristesys.com
Thu Sep 5 12:36:11 CEST 2013


On 09/05/2013 06:27 AM, Alex Balashov wrote:

> But, sometimes I get this crash (in the same scenario as below), too:
>
> (gdb) where
> #0  0x000000000055e602 in free_to_params (tb=0x7f95ab472950)
>      at parser/parse_to.c:827
> #1  0x000000000055e658 in free_to (tb=0x7f95ab472950) at
> parser/parse_to.c:838
> #2  0x000000000053e2a9 in clean_hdr_field (hf=0x7f95ab4722a0)
>      at parser/hf.c:113
> #3  0x000000000053e51d in free_hdr_field_lst (hf=0x7f95ab46f1c0)
>      at parser/hf.c:223
> #4  0x0000000000542d04 in free_sip_msg (msg=0x7f95ab471970)
>      at parser/msg_parser.c:729
> #5  0x000000000049e39d in receive_msg (
>      buf=0x9065c0 "SIP/2.0 404 Not Found\r\nVia: SIP/2.0/UDP
> 55.177.31.199;branch=z9hG4bKa744.4c8811f1.0\r\nVia: SIP/2.0/UDP
> 68.68.120.41:5060;branch=z9hG4bK02B15f46caff804796d\r\nRecord-Route:
> <sip:55.177.31.199;lr=on;ftag=g"..., len=715,
>      rcv_info=0x7fff05e5dbc0) at receive.c:296
> #6  0x000000000052ffa1 in udp_rcv_loop () at udp_server.c:557
> #7  0x0000000000467de2 in main_loop () at main.c:1638
> #8  0x000000000046ad8b in main (argc=13, argv=0x7fff05e5def8) at
> main.c:2566

This is the crash I get ~80-90% of the time, though.  This leads me to 
believe that the To params probably have more to do with it than 
anything else, unless the structure of the memory corruption is such 
that it just happens to explode there.

-- 
Alex Balashov - Principal
Evariste Systems LLC
235 E Ponce de Leon Ave
Suite 106
Decatur, GA 30030
United States
Tel: +1-678-954-0670
Web: http://www.evaristesys.com/, http://www.alexbalashov.com/
