[sr-dev] [kamailio/kamailio] cfgt: crash trying to get $T_rpl() value using pv_get_spec_value() (#2479)

[Victor Seva]

crash is due to tmx/t_var.c at 206:
``
	memcpy(_pv_trpl.buf, t->uac[branch].reply->buf, t->uac[branch].reply->len);
``

```
(gdb) f 1
#1  pv_t_update_rpl (msg=<optimized out>) at t_var.c:206
206     in t_var.c
(gdb) p t
$1 = (struct cell *) 0x7f59ab5c4f28
(gdb) p t->uac
$2 = (struct ua_client *) 0x7f59ab5c51b8
(gdb) p t->uac[branch]
$3 = {reply = 0x0, end_reply = 0x0, request = {rbtype = 0, flags = 172, t_active = 0, branch = 0, buffer_len = 1657, 
    buffer = 0x7f59ab600680 "INVITE sip:testuser1003 at 127.1.0.1:50604 SIP/2.0\r\nRecord-Route: <sip:127.0.0.1:5062;lr=on;ftag=11791SIPpTag001;did=5a5.6a01;ice_caller=strip;ice_callee=strip;aset=50;rtpprx=yes;vsf=SlRwVBghIw0wLT9zNQYk"..., 
    my_T = 0x7f59ab5c4f28, timer = {next = 0x0, prev = 0x0, expire = 352338360, initial_timeout = 16, data = 0x7d0, f = 0x7f59b5a813c0 <retr_buf_handler>, flags = 513, slow_idx = 0}, dst = {send_sock = 0x7f59b68e9290, to = {s = {sa_family = 2, 
          sa_data = "\023\330\177\000\000\001\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 55315, sin_addr = {s_addr = 16777343}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 55315, 
          sin6_flowinfo = 16777343, sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}, sas = {ss_family = 2, 
          __ss_padding = "\023\330\177\000\000\001", '\000' <repeats 111 times>, __ss_align = 0}}, id = 0, send_flags = {f = 4, blst_imask = 0}, proto = 1 '\001', proto_pad0 = 0 '\000', proto_pad1 = 0}, retr_expire = 352338360, fr_expire = 352341219}, 
  local_cancel = {rbtype = 0, flags = 0, t_active = 0, branch = 0, buffer_len = 0, buffer = 0x0, my_T = 0x7f59ab5c4f28, timer = {next = 0x0, prev = 0x0, expire = 0, initial_timeout = 0, data = 0x0, f = 0x7f59b5a813c0 <retr_buf_handler>, flags = 0, 
      slow_idx = 0}, dst = {send_sock = 0x0, to = {s = {sa_family = 0, sa_data = '\000' <repeats 13 times>}, sin = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 0, 
          sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}, sas = {ss_family = 0, 
          __ss_padding = '\000' <repeats 117 times>, __ss_align = 0}}, id = 0, send_flags = {f = 0, blst_imask = 0}, proto = 0 '\000', proto_pad0 = 0 '\000', proto_pad1 = 0}, retr_expire = 0, fr_expire = 0}, dns_h = {srv = 0x0, a = 0x0, 
    srv_tried_rrs = 0, port = 0, srv_no = 0 '\000', ip_no = 0 '\000', proto = 0 '\000'}, uri = {
    s = 0x7f59ab600687 "sip:testuser1003 at 127.1.0.1:50604 SIP/2.0\r\nRecord-Route: <sip:127.0.0.1:5062;lr=on;ftag=11791SIPpTag001;did=5a5.6a01;ice_caller=strip;ice_callee=strip;aset=50;rtpprx=yes;vsf=SlRwVBghIw0wLT9zNQYkMA93fEh"..., len = 32}, path = {
    s = 0x7f59ab600d68 "<sip:lb at 127.0.0.1;lr;socket=sip:127.0.0.1:5060>", len = 47}, instance = {s = 0x0, len = 0}, ruid = {s = 0x7f59ab600e00 "uloc-5f61608a-7966-8", len = 20}, location_ua = {s = 0x7f59ab600e80 "n/a", len = 3}, last_received = 302, 
  flags = 5, branch_flags = 134259714, icode = 0, local_ack = 0x0, on_failure = 6, on_branch_failure = 0, on_reply = 2, on_unused = 0}
(gdb) p t->uac[branch].reply
$4 = (struct sip_msg *) 0x0
```

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2479#issuecomment-693343276
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20200916/6050c552/attachment.htm>