[sr-dev] [kamailio/kamailio] Crash in pdb module (#1985)

Daniel-Constantin Mierla notifications at github.com
Tue Jun 18 16:37:19 CEST 2019


### Description

Investigating a report on a Kamailio crash, it led to pdb module, with the following backtrace:

```
#0  0x0000000000000000 in ?? ()
#1  0x00007f870472fa33 in vfprintf () from /lib64/libc.so.6
#2  0x00007f87047562bb in vsprintf () from /lib64/libc.so.6
#3  0x00007f8704738457 in sprintf () from /lib64/libc.so.6
#4  0x00007f86f881c6f9 in pdb_msg_dbg (msg=..., dbg_msg=0x7f86f8828313 "Kamailio pdb client receives:") at pdb.c:152
#5  0x00007f86f88204e4 in pdb_query (_msg=0x7f8700fae068, _number=0x7f8700fa2e88, _dstavp=0x7f8700fa2f10) at pdb.c:335
#6  0x000000000047b72c in do_action (h=0x7ffeb03d10e0, a=0x7f8700abf678, msg=0x7f8700fae068) at core/action.c:1079
#7  0x0000000000487e70 in run_actions (h=0x7ffeb03d10e0, a=0x7f8700abf678, msg=0x7f8700fae068) at core/action.c:1569
#8  0x0000000000488531 in run_actions_safe (h=0x7ffeb03d3180, a=0x7f8700abf678, msg=0x7f8700fae068) at core/action.c:1633
#9  0x0000000000447f40 in rval_get_int (h=0x7ffeb03d3180, msg=0x7f8700fae068, i=0x7ffeb03d18b0, rv=0x7f8700ac0148, cache=0x0) at core/rvalue.c:912
#10 0x000000000044c4f0 in rval_expr_eval_int (h=0x7ffeb03d3180, msg=0x7f8700fae068, res=0x7ffeb03d18b0, rve=0x7f8700ac0140) at core/rvalue.c:1910
```

Looking at the data in frame 4, it looks like an empty (zeroed) pdb structure is being printed:

```
(gdb) frame 4
#4  0x00007f86f881c6f9 in pdb_msg_dbg (msg=..., dbg_msg=0x7f86f8828313 "Kamailio pdb client receives:") at pdb.c:152
152	        ptr += sprintf(ptr,"%02X ", msg.bdy.payload[i]);
(gdb) p i
$1 = 263
(gdb) p msg
$2 = {hdr = {version = 0 '\000', type = 0 '\000', code = 0 '\000', length = 0 '\000', id = 0}, bdy = {payload = '\000' <repeats 248 times>}}
(gdb) p msg.hdr.length
$3 = 0 '\000'
```
I just pushed commit 3c07e2351a94e4ff2cf3c6b9b9df4d7462cd5760 for a safety check, but, not being the developer of the module, I am not sure whether it is supposed to deal with a zeroed pdb structure, or whether the issue is somewhere else, leading to this all-zero structure content.

Therefore I am opening this one for further analysis; if the commit above is enough, just close the issue.

### Troubleshooting

#### Reproduction

Try to send traffic to a config using pdb matching PDB_VERSION_1.

#### Debugging Data

```
gdb backtrace above
```

#### Log Messages

```
N/A
```

#### SIP Traffic


```
N/A
```

### Possible Solutions


### Additional Information

* **Kamailio Version** - output of `kamailio -v`

```
kamailio -v
version: kamailio 5.2.3 (x86_64/linux) c36229
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: c36229
compiled on 10:34:54 Jun 13 2019 with gcc 4.8.5
```

* **Operating System**:


```
CentOS 7 with Kamailio installed from RPM (using opensuse build service repo)
```


Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1985
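The frame 4 data above shows the debug hex dump still running at `i = 263` over a 248-byte payload of an all-zero message, with `sprintf` writing into a fixed buffer with no remaining-capacity check. The following is an added illustration of the defensive pattern for such a dump, not Kamailio's code: the struct layout is a hypothetical one modelled on the gdb print, the assumption that `hdr.length` counts payload bytes is a label and not the real protocol, and the helper bounds the loop by both the payload array and the caller's output buffer, so a zeroed or malformed header can neither read past the array nor overrun the string.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PDB_PAYLOAD_SIZE 248   /* matches the 248-byte payload shown in gdb */

/* Hypothetical layout modelled on the gdb print in the report;
   this is NOT Kamailio's own pdb definition. */
struct pdb_hdr { uint8_t version; uint8_t type; uint8_t code; uint8_t length; uint16_t id; };
struct pdb_bdy { uint8_t payload[PDB_PAYLOAD_SIZE]; };
struct pdb_msg { struct pdb_hdr hdr; struct pdb_bdy bdy; };

/* Number of payload bytes the header claims, clamped to the array size.
   Assumption (constructed for this example): hdr.length counts payload bytes.
   A zeroed message therefore yields 0 bytes rather than a runaway loop. */
size_t pdb_payload_len(const struct pdb_msg *m)
{
    size_t n = m->hdr.length;
    return n > PDB_PAYLOAD_SIZE ? PDB_PAYLOAD_SIZE : n;
}

/* Render payload bytes as "XX " into out, bounded by both the payload
   array (via pdb_payload_len) and the caller's buffer (via snprintf).
   Returns the number of payload bytes rendered, which may be fewer than
   requested when out is too small. out is NUL-terminated when out_size > 0. */
size_t pdb_payload_hex(const struct pdb_msg *m, char *out, size_t out_size)
{
    size_t n = pdb_payload_len(m);
    size_t used = 0, i;

    if (out_size == 0)
        return 0;
    out[0] = '\0';
    for (i = 0; i < n; i++) {
        /* each byte needs 3 characters plus room for the terminator */
        if (out_size - used < 4)
            break;
        int w = snprintf(out + used, out_size - used, "%02X ", m->bdy.payload[i]);
        if (w < 0)
            break;
        used += (size_t)w;
    }
    return i;
}

int main(void)
{
    /* Constructed sample: an all-zero message like the one in frame 4. */
    struct pdb_msg zeroed;
    char buf[64];
    memset(&zeroed, 0, sizeof zeroed);
    printf("zeroed message: %zu bytes rendered -> \"%s\"\n",
           pdb_payload_hex(&zeroed, buf, sizeof buf), buf);

    /* Constructed sample: header claims more bytes than the array holds. */
    struct pdb_msg oversized;
    memset(&oversized, 0, sizeof oversized);
    oversized.hdr.length = 255;
    printf("oversized header: clamped to %zu bytes\n", pdb_payload_len(&oversized));
    return 0;
}
```

The two checks are independent: clamping to `PDB_PAYLOAD_SIZE` protects the read side, while handing `snprintf` the remaining capacity protects the write side, so a debug print can never become the crash site regardless of how the message arrived.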