[sr-dev] [kamailio/kamailio] crash on run_rr_callbacks() from dlg_onroute() (#1059)

Victor Seva notifications at github.com
Thu Apr 6 13:06:09 CEST 2017


This is the ``NGCP`` version of 4.4.5
sources at https://github.com/sipwise/kamailio/tree/mr4.5.4 but be aware that the list of patches is at https://github.com/sipwise/kamailio/blob/mr4.5.4/debian/patches/series
and I changed the sensitive data in the paste

To let you see the source easily, I pasted the already patched dlg_handlers.c at https://paste.debian.net/926240/

```
(gdb) f 4
#4  0x00007fae32c3457e in dlg_onroute (req=0x7fae3def7ac8, route_params=0x7fad006e9b1e, 
    param=0x7fff717dab10) at dlg_handlers.c:1350
1350	dlg_handlers.c: No such file or directory.
(gdb) info locals
val = {
  s = 0x9aaf79 <buf+1465> "c68.0d81;ice_caller=strip;ice_callee=strip;aset=50;rtpprx=yes;vsf=Y3Z5enJeQmp8bVRNYGQtEwxdZHR2LHRwc1RAaX0hWEFyMw1mZg-->\r\nP-NGCP-Src-Ip: 172.17.65.99\r\nP-NGCP-Src-Port: 5060\r\nP-NGCP-Src-Proto: udp\r\nP-NG"..., len = 8}
ftag = {
  s = 0x9aabaa <buf+490> "C03675F3E457BC60\r\nTo: <sip:00000000000 at sip.local:5060>;tag=0FC4E4CA-58E4A7D4000A8034-123E3700\r\nCall-ID: 3A477FD70434C083 at 10.10.10.18\r\nCSeq: 5709 BYE\r\nProxy-Authorization: Digest username=\"2233"..., len = 16}
old_state = 4
dir = 1
ret = 0
callid = {
  s = 0x9aac1a <buf+602> "3A477FD70434C083 at 10.10.10.18\r\nCSeq: 5709 BYE\r\nProxy-Authorization: Digest username=\"1111111111\", realm=\"sip.local\", nonce=\"WOUBrFjkp9Qj4YjEwa9jvelH7ty68fD/\", uri=\"sip:00000000000 at 172.17.66.118"..., len = 28}
new_state = 5
unref = 1
event = 10498440
dlg = 0x7fad74f20258
ttag = {
  s = 0x9aabed <buf+557> "0FC4E4CA-58E4A7D4000A8034-123E3700\r\nCall-ID: 3A477FD70434C083 at 10.10.10.18\r\nCSeq: 5709 BYE\r\nProxy-Authorization: Digest username=\"1111111111\", realm=\"sip.local\", nonce=\"WOUBrFjkp9Qj4YjEwa9jvelH"..., len = 34}
h_id = 854147520
dlg = 0x7fad00000000
```

So the relevant code is also:
```
LM_WARN("inconsitent dlg timer data on dlg %p [%u:%u] "
	"with clid '%.*s' and tags '%.*s' '%.*s'\n",
	dlg, dlg->h_entry, dlg->h_id,
	dlg->callid.len, dlg->callid.s,
	dlg->tag[DLG_CALLER_LEG].len, dlg->tag[DLG_CALLER_LEG].s,
	dlg->tag[DLG_CALLEE_LEG].len, dlg->tag[DLG_CALLEE_LEG].s);
```

> So no strlen() to be used there.

but the ``strlen()`` is coming from ``syslog()``

I would say the problem is that ``dlg`` is gone from memory when trying to use the string.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1059#issuecomment-292140868
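To make the two points in the comment above concrete (a precision-bounded `%.*s` reads exactly `len` bytes and never calls `strlen()` on the source, while the `strlen()` in the backtrace belongs to the syslog sink that receives the already formatted message), here is an added example in C. It is not Kamailio code and not from this thread: `cstr`, `dlg_t`, `format_dlg_warning`, `sink_message_length`, `MAX_STR_LEN` and all sample values are constructed stand-ins. The pointer/length sanity check only rejects obviously corrupt records; a `dlg` that was freed but is still mapped, which the comment suspects, cannot be detected this way and is a job for the module's dialog reference counting or a run under AddressSanitizer.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not Kamailio code: a cut-down stand-in for the module's
 * counted-string type. `s` need not be NUL-terminated; `len` says how many
 * bytes are valid. */
typedef struct { const char *s; int len; } cstr;

/* Hypothetical dialog record carrying only the fields the LM_WARN prints. */
enum { DLG_CALLER_LEG = 0, DLG_CALLEE_LEG = 1 };
typedef struct {
    unsigned int h_entry;
    unsigned int h_id;
    cstr callid;
    cstr tag[2];
} dlg_t;

/* Assumed sanity bound for a SIP header value; a larger len is treated as
 * a sign of a corrupted record rather than a real header. */
#define MAX_STR_LEN 4096

/* Format the warning with %.*s the way the module does. %.*s copies exactly
 * `len` bytes from `s` and never calls strlen() on it. Returns the number of
 * characters written, or -1 when a field has a NULL pointer or an implausible
 * length. This is a cheap check for an obviously corrupt record; it cannot
 * detect a pointer into memory that was freed but is still mapped. */
int format_dlg_warning(const dlg_t *dlg, char *buf, size_t bufsz)
{
    const cstr *fields[3] = {
        &dlg->callid, &dlg->tag[DLG_CALLER_LEG], &dlg->tag[DLG_CALLEE_LEG]
    };
    for (int i = 0; i < 3; i++) {
        if (fields[i]->s == NULL || fields[i]->len < 0
                || fields[i]->len > MAX_STR_LEN)
            return -1;
    }
    return snprintf(buf, bufsz,
        "inconsistent dlg timer data on dlg %p [%u:%u] "
        "with clid '%.*s' and tags '%.*s' '%.*s'",
        (const void *)dlg, dlg->h_entry, dlg->h_id,
        dlg->callid.len, dlg->callid.s,
        dlg->tag[DLG_CALLER_LEG].len, dlg->tag[DLG_CALLER_LEG].s,
        dlg->tag[DLG_CALLEE_LEG].len, dlg->tag[DLG_CALLEE_LEG].s);
}

/* Stand-in for the syslog() sink: this is where strlen() runs, on the
 * already formatted, NUL-terminated message, not on the dlg fields. */
size_t sink_message_length(const char *msg)
{
    return strlen(msg);
}

static char g_buf[512];   /* shared output buffer for the two demos */

/* Constructed sample: the Call-ID points into a larger message buffer with
 * no NUL after it, the way the gdb locals show fields pointing into the
 * shared parse buffer. Returns 1 if the bounded output is exactly right. */
int demo_sane_record(void)
{
    static const char msgbuf[] =
        "3A477FD70434C083@10.10.10.18\r\nCSeq: 5709 BYE\r\n";
    dlg_t dlg = {
        .h_entry = 7, .h_id = 42,
        .callid = { msgbuf, 28 },                 /* stops before "\r\nCSeq" */
        .tag = { { "CALLERTAG-trailing", 9 }, { "CALLEETAG", 9 } },
    };
    if (format_dlg_warning(&dlg, g_buf, sizeof g_buf) < 0)
        return 0;
    return strstr(g_buf, "clid '3A477FD70434C083@10.10.10.18' and "
                         "tags 'CALLERTAG' 'CALLEETAG'") != NULL;
}

/* Constructed sample of a record whose fields no longer make sense, the
 * situation the comment suspects: the check refuses to format it (-1). */
int demo_corrupt_record(void)
{
    dlg_t dlg = {
        .h_entry = 7, .h_id = 854147520,
        .callid = { NULL, 28 },
        .tag = { { "x", 854147520 }, { "y", 1 } },
    };
    return format_dlg_warning(&dlg, g_buf, sizeof g_buf);
}

int main(void)
{
    if (demo_sane_record())
        printf("%s (%zu bytes reach the sink)\n",
               g_buf, sink_message_length(g_buf));
    printf("corrupt record -> %d\n", demo_corrupt_record());
    return 0;
}
```

The sane record prints the Call-ID cut at 28 bytes and the caller tag cut at 9, even though both source buffers continue past those lengths; the corrupt record is refused before any field is dereferenced. Note the difference from the crash in the report: a freed `dlg` whose memory still reads as plausible lengths would pass this check, which is why the comment's suspicion needs a memory checker rather than a format-string fix.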