[sr-dev] [kamailio/kamailio] coredump when used append_body_part (#1631)

sergey-safarov notifications at github.com
Sat Sep 1 23:09:29 CEST 2018


### Description
I want to convert the `application/sdp` body of an INVITE message to `multipart/mixed`. For this I used this [construction](https://kamailio.org/docs/modules/devel/modules/textops.html#textops.f.set_body_multipart):
```
set_body_multipart("test", "text/plain", "delimiter");
msg_apply_changes();
$var(b) = "7e Od 04 55 75 69 20 4d 61 6b 65 43 61 6c 6c";
append_body_part("$var(b)", "application/vnd.cirpack.isdn-ext", "signal;handling=required");
```
For some reason `msg_apply_changes` is not applied, and then `append_body_part` causes a coredump.

### Troubleshooting

#### Reproduction
On an Alpine dist or in the docker container `kamailio/kamailio-ci`, you need to load the [kazoo config](https://github.com/2600hz/kazoo-configs-kamailio) and apply this patch:
```
diff --git a/kamailio/default.cfg b/kamailio/default.cfg
index bc4a084..4b85642 100644
--- a/kamailio/default.cfg
+++ b/kamailio/default.cfg
@@ -334,6 +334,13 @@ route
     route(AUTHORIZATION_CHECK);
     #!endif

+    if (is_method("INVITE") && isflagset(FLAG_INTERNALLY_SOURCED)) {
+        set_body_multipart();
+        msg_apply_changes();
+        $var(b) = "7e Od 04 55 75 69 20 4d 61 6b 65 43 61 6c 6c";
+        append_body_part("$var(b)", "application/vnd.cirpack.isdn-ext", "signal;handling=required");
+    }
+
     route(HANDLE_MESSAGE_WRAPPER);

     #!ifdef PRESENCE_ROLE
```
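Review bot: the added block ignores the result of `msg_apply_changes()` and calls `append_body_part()` unconditionally. Guard the append, for example with `if (msg_apply_changes()) { ... }`, and log and leave the branch on failure, so a part is never appended to a body that was not rebuilt as multipart. Two further points on the same lines: `set_body_multipart()` is called here with no arguments, unlike the three-argument call in the description, and the `$var(b)` value contains `Od` (letter O) where `0d` looks intended and is hex text rather than raw octets; please confirm both are deliberate.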
Then make a call to another phone.

#### Debugging Data
```
(gdb) bt
#0  0x00007f1235f96f1b in __syscall4 (a4=<optimized out>, a3=<optimized out>, a2=<optimized out>, a1=<optimized out>, n=<optimized out>)
    at ./arch/x86_64/syscall_arch.h:38
#1  __restore_sigs (set=set@entry=0x7ffc151162d0) at src/signal/block.c:43
#2  0x00007f1235f97035 in raise (sig=sig@entry=6) at src/signal/raise.c:13
#3  0x00007f1235f6efb4 in abort () at src/exit/abort.c:9
#4  0x00005598707495a2 in free_lump (lmp=0x7f1235e76478) at core/data_lump.c:464
#5  0x000055987074965d in free_lump_list (l=l@entry=0x7f1235e763d8) at core/data_lump.c:498
#6  0x000055987074983a in del_nonshm_lump (lump_list=lump_list@entry=0x7f1235e737b8) at core/data_lump.c:647
#7  0x0000559870785c43 in replace_body (msg=msg@entry=0x7f1235e73208, txt=...) at core/msg_translator.c:1667
#8  0x000055987078d205 in check_boundaries (msg=msg@entry=0x7f1235e73208, send_info=send_info@entry=0x7f12322d6df8) at core/msg_translator.c:1874
#9  0x000055987078d5d3 in build_req_buf_from_sip_req (msg=msg@entry=0x7f1235e73208, returned_len=returned_len@entry=0x7ffc151166fc,
    send_info=0x7f12322d6df8, mode=mode@entry=128) at core/msg_translator.c:1979
#10 0x00007f123602a1ec in prepare_new_uac (t=t@entry=0x7f12322d6b90, i_req=i_req@entry=0x7f1235e73208, branch=branch@entry=0, uri=<optimized out>,
    uri@entry=0x7f1235e73480, path=<optimized out>, next_hop=<optimized out>, fsocket=0x7f1235e5ba50, snd_flags=..., fproto=0, flags=0,
    instance=<optimized out>, ruid=<optimized out>, location_ua=<optimized out>) at t_fwd.c:474
#11 0x00007f123602b665 in add_uac (t=t@entry=0x7f12322d6b90, request=request@entry=0x7f1235e73208, uri=0x7f1235e73480, next_hop=<optimized out>,
    path=<optimized out>, proxy=proxy@entry=0x0, fsocket=0x7f1235e5ba50, snd_flags=..., proto=0, flags=0, instance=0x7f1235e73850, ruid=0x7f1235e73868,
    location_ua=0x7f1235e73878) at t_fwd.c:800
#12 0x00007f12360307b8 in t_forward_nonack (t=0x7f12322d6b90, p_msg=p_msg@entry=0x7f1235e73208, proxy=proxy@entry=0x0, proto=proto@entry=0) at t_fwd.c:1680
#13 0x00007f123603ee65 in t_relay_to (p_msg=0x7f1235e73208, proxy=0x0, proto=0, replicate=0) at t_funcs.c:331
#14 0x000055987076fbb8 in do_action (h=h@entry=0x7ffc15118360, a=a@entry=0x7f1235bbf528, msg=msg@entry=0x7f1235e73208) at core/action.c:1073
#15 0x000055987076ac5d in run_actions (h=h@entry=0x7ffc15118360, a=0x7f1235bb1c28, msg=msg@entry=0x7f1235e73208) at core/action.c:1565
#16 0x000055987076dbb3 in do_action (h=h@entry=0x7ffc15118360, a=a@entry=0x7f1235bad570, msg=msg@entry=0x7f1235e73208) at core/action.c:691
#17 0x000055987076ac5d in run_actions (h=h@entry=0x7ffc15118360, a=0x7f1235bad570, msg=msg@entry=0x7f1235e73208) at core/action.c:1565
#18 0x000055987076fb99 in do_action (h=h@entry=0x7ffc15118360, a=a@entry=0x7f1235baf5c8, msg=msg@entry=0x7f1235e73208) at core/action.c:1062
#19 0x000055987076ac5d in run_actions (h=h@entry=0x7ffc15118360, a=0x7f1235bac9d0, msg=msg@entry=0x7f1235e73208) at core/action.c:1565
#20 0x000055987076dbb3 in do_action (h=h@entry=0x7ffc15118360, a=a@entry=0x7f1235b71db8, msg=msg@entry=0x7f1235e73208) at core/action.c:691
#21 0x000055987076ac5d in run_actions (h=h@entry=0x7ffc15118360, a=a@entry=0x7f1235b69540, msg=msg@entry=0x7f1235e73208) at core/action.c:1565
#22 0x0000559870775dc7 in run_top_route (a=0x7f1235b69540, msg=msg@entry=0x7f1235e73208, c=c@entry=0x0) at core/action.c:1654
#23 0x00005598707660c1 in receive_msg (
    buf=buf@entry=0x559870a51640 <buf> "INVITE sip:safarov2@node1.nga911.com SIP/2.0\r\nVia: SIP/2.0/UDP 10.0.9.35:11000;rport;branch=z9hG4bK69ag32Nr5gFjH\r\nRoute: <sip:10.0.9.39:5060>\r\nMax-Forwards: 48\r\nFrom: \"Sergey Safarov\" <sip:1240@node1."..., len=<optimized out>,
    rcv_info=rcv_info@entry=0x7ffc151186c0) at core/receive.c:278
#24 0x00005598708131fb in udp_rcv_loop () at core/udp_server.c:554
#25 0x0000559870744fb6 in main_loop () at main.c:1619
#26 0x000055987073d51f in main (argc=<optimized out>, argv=<optimized out>) at main.c:2638
```
Full backtrace at [bt_full.txt](https://github.com/kamailio/kamailio/files/2342768/bt_full.txt)

#### Log Messages
Please look at [kamailio_console.txt](https://github.com/kamailio/kamailio/files/2342769/kamailio_console.txt)


#### SIP Traffic
The crash happens when modification of packet 73 of the pcap file [sip.pcap.gz](https://github.com/kamailio/kamailio/files/2342770/sip.pcap.gz) starts.

### Possible Solutions
Not known

### Additional Information

  * **Kamailio Version** - output of `kamailio -v`

```
/ # kamailio -v
version: kamailio 5.1.5 (x86_64/linux) 
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown 
compiled on 16:32:28 Sep  1 2018 with gcc 6.4.0
```

* **Operating System**:
```
/ # cat /etc/os-release 
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.8.0
PRETTY_NAME="Alpine Linux v3.8"
HOME_URL="http://alpinelinux.org"
BUG_REPORT_URL="http://bugs.alpinelinux.org"
```


Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1631