[sr-dev] [tracker] Task opened: bt:<code>Program terminated with signal 6, Aborted. (kamailio 4.1.1)

sip-router bugtracker at sip-router.org
Sat Jan 25 00:39:34 CET 2014 

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - Seudin Kasumovic (seudin) 

Attached to Project - sip-router
Summary - bt:<code>Program terminated with signal 6, Aborted. (kamailio 4.1.1)
Task Type - Bug Report
Category - Core
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Normal
Reported Version - Development
Due in Version - Undecided
Due Date - Undecided
Details - Hi all,

kamailio is compiled with mode=debug. I happens when 487 Request Cancelled received.

Abort is raised in script_cb:167
<code>162		unsigned int	flags;
163	
164	#ifdef EXTRA_DEBUG
165		if (type >= SCRIPT_CB_NUM) {
166			LOG(L_BUG, "exec_pre_script_cb: Uknown callback type\n");
167			abort();
168		}
169	#endif
170		flags = PRE_SCRIPT_CB | (1<<(type-1));
171		for (cb=pre_script_cb[type-1]; cb ; cb=cb->next ) {</code>

Check in line 165 is wrong. The BRANCH_FAILURE_CB_TYPE is added in commit 0b79baecf4a36a47522fd222614e370c5d044e8f.

check should be: <code>type > SCRIPT_CB_NUM</code> (or type-1 >= SCRIPT_CB_NUM, or type >= MAX_CB_TYPE),
because pre_script_cb is always accessed by [type-1] (e.g. see line=171).

SCRIPT_CB_NUM is defined here:
script_cb.c:56:#define SCRIPT_CB_NUM	(MAX_CB_TYPE-1)</code>
and used for allocate space:
<code>script_cb.c:58:static struct script_cb *pre_script_cb[SCRIPT_CB_NUM];
script_cb.c:59:static struct script_cb *post_script_cb[SCRIPT_CB_NUM];</code>


bt:<code>Program terminated with signal 6, Aborted.
#0  0xb776a430 in __kernel_vsyscall ()
(gdb) bt
#0  0xb776a430 in __kernel_vsyscall ()
#1  0xb75ef241 in raise () from /lib/libc.so.6
#2  0xb75f0a1e in abort () from /lib/libc.so.6
#3  0x08168475 in exec_pre_script_cb (msg=0xb6dcdc60 <faked_req.10511>, type=BRANCH_FAILURE_CB_TYPE) at script_cb.c:167
#4  0xb6d5a938 in free_faked_req (faked_req=0xb553914c, t=0xb72e1904) at t_reply.c:996
#5  0xb6d5b85b in run_branch_failure_handlers (t=0xb553914c, rpl=0x1e7, code=0, extra_flags=-1074577000) at t_reply.c:1122
#6  0xb6d5d785 in t_retransmit_reply (t=0xb553914c) at t_reply.c:1609
#7  0xb6d60703 in reply_received (p_msg=0xb72e1904) at t_reply.c:2255
#8  0x080e7d25 in forward_request (msg=0xb72e1904, dst=0x0, port=0, send_info=0x0) at forward.c:552
#9  0x080e8599 in forward_request (msg=0xb72e1904, dst=0x3, port=5210, send_info=0x8233d40) at forward.c:614
#10 0x08136aa0 in receive_msg (
    buf=0x82958e0 <buf.6058> "SIP/2.0 487 Request Cancelled\r\nVia: SIP/2.0/UDP 127.0.0.1:5070;rport=5070;branch=z9hG4bK47b3.e74da0151135f7c0ee995dcc0f877c7a.0\r\nVia: SIP/2.0/UDP 127.0.0.1:5090;rport=5090;branch=z9hG4bK6gUQ2ND4N5rjD\r"..., len=683, rcv_info=0xbff34630) at receive.c:273
#11 0x080ac8c9 in udp_init (sock_info=0x2) at udp_server.c:320
#12 0x080fcb3c in main_loop () at main.c:1289
#13 0x080ffc7c in main (argc=5, argv=0xbff34924) at main.c:2074</code>


More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=388

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

More information about the sr-dev mailing list