[sr-dev] jsonrpc-s crash

Alex Balashov abalashov at evaristesys.com
Wed Jan 7 08:35:53 CET 2015 

Hi,

I'm running 4.2:ca60c77acddc13d36ab691f8cac1f566323f6d86 and seem to be 
able to dependably crash Kamailio by sending the following JSONRPC 
stanza to the jsonrpc-s module:

{"jsonrpc":2,"id":"126491c7ce1e1ba1552f18ebf1271f19","method":"core.version"}\n

The number of HTTP requests needed to crash it varies, but seems to 
generally be about 8-10 on my system:

Jan  7 02:32:04 localhost /usr/local/sbin/kamailio[2785]: INFO: 
[R-XHTTP-REQUEST:<null>] -> Handling JSON RPC request: /csrp_rpc/
Jan  7 02:32:05 localhost /usr/local/sbin/kamailio[2791]: CRITICAL: 
<core> [pass_fd.c:293]: receive_fd(): EOF on 59
Jan  7 02:32:05 localhost /usr/local/sbin/kamailio[2734]: ALERT: <core> 
[main.c:784]: handle_sigs(): child process 2785 exited by a signal 11
Jan  7 02:32:05 localhost /usr/local/sbin/kamailio[2734]: ALERT: <core> 
[main.c:787]: handle_sigs(): core was generated

The core dump says it's because jsonrpc_dispatch() is being invoked with 
two empty parameters:

#0  0x00007fc2b0b6f171 in __strlen_sse2 () from /lib64/libc.so.6
#1  0x00007fc2a6ffea72 in jsonrpc_dispatch (msg=0x7fff5721ceb0, s1=0x0, 
s2=0x0)
     at jsonrpc-s_mod.c:943
#2  0x000000000041d29b in do_action (h=0x7fff5721cdd0, a=0x7fc2b051b2c0,
     msg=0x7fff5721ceb0) at action.c:1088
#3  0x00000000004299b1 in run_actions (h=0x7fff5721cdd0, a=0x7fc2b051b070,
     msg=0x7fff5721ceb0) at action.c:1583
#4  0x000000000041d204 in do_action (h=0x7fff5721cdd0, a=0x7fc2b051b9d0,
     msg=0x7fff5721ceb0) at action.c:1079
#5  0x00000000004299b1 in run_actions (h=0x7fff5721cdd0, a=0x7fc2b051b9d0,
     msg=0x7fff5721ceb0) at action.c:1583
#6  0x00007fc2a720ad2b in xhttp_process_request (orig_msg=0x7fc2b0561438,
     new_buf=0x7fc2b051d550 "POST /csrp_rpc/ HTTP/1.1\r\nVia: 
SIP/2.0/TCP 172.30.110.4:42861\r\nHost: 172.30.110.4:5060\r\nConnection: 
close\r\nTransfer-Encoding: 
chunked\r\n\r\n{\"jsonrpc\":2,\"id\":\"126491c7ce1e1ba1552f18ebf1271f19\",\"method\":\""..., 
new_len=215) at xhttp_mod.c:284
#7  0x00007fc2a720bd98 in xhttp_handler (msg=0x7fc2b0561438) at 
xhttp_mod.c:359
#8  0x00000000004de163 in nonsip_msg_run_hooks (msg=0x7fc2b0561438)
     at nonsip_hooks.c:125
#9  0x0000000000506999 in receive_msg (
     buf=0x2a9d5a0 "POST /csrp_rpc/ HTTP/1.1\r\nHost: 
172.30.110.4:5060\r\nConnection: close\r\nTransfer-Encoding: 
chunked\r\n\r\n{\"jsonrpc\":2,\"id\":\"126491c7ce1e1ba1552f18ebf1271f19\",\"method\":\"core.version\"}\n", 
len=178,
...

I'll see what changes I can make to try to get it to not crash.

-- 
Alex Balashov - Principal
Evariste Systems LLC
235 E Ponce de Leon Ave
Suite 106
Decatur, GA 30030
United States

Tel: +1-678-954-0670
Web: http://www.evaristesys.com/, http://www.alexbalashov.com/

More information about the sr-dev mailing list