[sr-dev] app_python: call_function "append_hf" with more than 1 param crashes kamailio

Örn Arnarson orn at arnarson.net
Wed Jul 9 18:49:06 CEST 2014


Kamailio terminates (Signal 15) after app_python crashes (signal 7) when
using call_function("append_hf") with more than 1 parameter.

Jul  9 13:53:18 vcr01 /usr/sbin/kamailio[2699]: ALERT: <core> [main.c:788]:
handle_sigs(): child process 2707 exited by a signal 7
Jul  9 13:53:18 vcr01 /usr/sbin/kamailio[2699]: ALERT: <core> [main.c:791]:
handle_sigs(): core was generated
Jul  9 13:53:18 vcr01 /usr/sbin/kamailio[2699]: INFO: <core> [main.c:803]:
handle_sigs(): INFO: terminating due to SIGCHLD
Jul  9 13:53:18 vcr01 /usr/sbin/kamailio[2706]: INFO: <core> [main.c:854]:
sig_usr(): INFO: signal 15 received

Actually, calling "remove_hf" with call_function seems to do exactly the
same thing.

My problem is that I need to manipulate the Diversion headers (or rather,
add a new Diversion header in the correct place (i.e. above the other
Diversion header), as append_hf will always add it at the bottom.)

I've identified what part of the code makes it crash by returning early,
but it seems to be the fixup part:
    if (fexport->fixup != NULL) {
        if (i >= 3) {
            rval = fexport->fixup(&(act->val[3].u.data), 2);
            if (rval < 0) {
                PyErr_SetString(PyExc_RuntimeError, "Error in fixup (2)");
                Py_INCREF(Py_None);
                return Py_None;
            }
            act->val[3].type = MODFIXUP_ST;
        }
        if (i >= 2) {
            rval = fexport->fixup(&(act->val[2].u.data), 1);
            if (rval < 0) {
                PyErr_SetString(PyExc_RuntimeError, "Error in fixup (1)");
                Py_INCREF(Py_None);
                return Py_None;
            }
            act->val[2].type = MODFIXUP_ST;
        }
        if (i == 1) {
            rval = fexport->fixup(0, 0);
            if (rval < 0) {
                PyErr_SetString(PyExc_RuntimeError, "Error in fixup (0)");
                Py_INCREF(Py_None);
                return Py_None;
            }
        }
    }

I have very little experience with programming in C, and much less
debugging with gdb or something similar, but from comparing this code with
the way the Perl module does this, I couldn't see any obvious problems. I'm
hoping someone with familiarity with the kamailio functions, such as fixup,
might be able to identify the problem.

Judging from the exit code of app_python, my (uninformed) guess would be
that there's an attempt to access or manipulate something in an
out-of-scope memory address.

Any suggestions would be greatly appreciated. I've written a quite large
routing function in python and I'd like to avoid rewriting it in a
different scripting language if possible.

The kamailio version I'm running is 4.0.4

Regards,
Örn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20140709/91c1726b/attachment.html>


More information about the sr-dev mailing list