[sr-dev] [kamailio/kamailio] Segmentation fault while parsing incorrect config (#2630)

Marat notifications at github.com
Tue Feb 9 16:12:40 CET 2021



### Description

I get a SIGSEGV at start-up time with an incorrect Kamailio config.
To get a backtrace, I set up gdb:
```
gdb --args /home/devel/build_dir/build/sbin/kamailio -m 8 -n 1 -w . -f /tmp/kamailio.cfg
(gdb) start
(gdb) c
```
Then I see the error and the gdb output (attached below).

### Troubleshooting

#### Reproduction

Pass a non-constant value to `ds_select_domain`, e.g.:
```
$avp(num) = 13;
if (!ds_select_domain( 101, 4, $avp(num) )) {
  return 1;
}
```

#### Debugging Data

```
Program received signal SIGSEGV, Segmentation fault.
0x00000000006a1daf in rve_destroy (rve=0x6f6c5f7265766f6c) at core/rvalue.c:147
147			if (rve->op==RVE_RVAL_OP){
Missing separate debuginfos, use: debuginfo-install audit-libs-2.8.5-4.el7.x86_64 bzip2-libs-1.0.6-13.el7.x86_64 elfutils-libelf-0.176-4.el7.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-46.el7.x86_64 libacl-2.2.51-15.el7.x86_64 libattr-2.4.46-13.el7.x86_64 libcap-2.22-11.el7.x86_64 libcap-ng-0.7.5-4.el7.x86_64 libcom_err-1.42.9-17.el7.x86_64 libdb-5.3.21-25.el7.x86_64 libgcc-4.8.5-39.el7.x86_64 libselinux-2.5-15.el7.x86_64 libstdc++-4.8.5-39.el7.x86_64 lm_sensors-libs-3.4.0-8.20160601gitf9185e5.el7.x86_64 lua-5.1.4-15.el7.x86_64 net-snmp-agent-libs-5.7.2-48.el7_8.1.x86_64 net-snmp-libs-5.7.2-48.el7_8.1.x86_64 nspr-4.21.0-1.el7.x86_64 nss-3.44.0-7.el7_7.x86_64 nss-softokn-freebl-3.44.0-8.el7_7.x86_64 nss-util-3.44.0-4.el7_7.x86_64 openssl-libs-1.0.2k-19.el7.x86_64 pcre-8.32-17.el7.x86_64 perl-libs-5.16.3-295.el7.x86_64 popt-1.13-16.el7.x86_64 rpm-libs-4.11.3-43.el7.x86_64 tcp_wrappers-libs-7.6-77.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-18.el7.x86_64
(gdb) bt
#0  0x00000000006a1daf in rve_destroy (rve=0x6f6c5f7265766f6c) at core/rvalue.c:147
#1  0x00000000006a266e in rve_destroy (rve=0x7ffff6c77f08) at core/rvalue.c:168
#2  0x00000000007d2884 in free_mod_func_action (a=0x7ffff6c76658) at core/cfg.y:4047
#3  0x00000000007ce97f in yyparse () at core/cfg.y:3459
#4  0x000000000042f396 in main (argc=9, argv=0x7fffffffe448) at main.c:2320
(gdb) p rve
$1 = (struct rval_expr *) 0x6f6c5f7265766f6c
(gdb) p rve->op
Cannot access memory at address 0x6f6c5f7265766f6c
(gdb) 
```

#### Log Messages

```
 0(425) CRITICAL: <core> [core/cfg.y:3589]: yyerror_at(): parse error in config file /tmp/kamailio.cfg, line 653, column 58-66: function ds_select_domain: parameter 3 is not constant
```

### Additional Information

  * **Kamailio Version** - output of `kamailio -v`

```
version: kamailio 5.4.3 (x86_64/linux) 430602
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: 430602 
compiled on 17:40:07 Jan 29 2021 with gcc 4.8.5
```


https://github.com/kamailio/kamailio/issues/2630
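A triage aid for the backtrace in the report above, added here as an example (it is not part of the original report or of Kamailio's code): it scans gdb frame lines for pointer arguments that are non-canonical on x86-64 or whose bytes are all printable ASCII, which is the usual sign of string data being read as a pointer. The function names `is_canonical`, `as_ascii` and `triage` are hypothetical; the frame lines are copied from the report.

```python
import re
import struct

# Frame lines copied from the gdb backtrace in the report.
BACKTRACE = """\
#0  0x00000000006a1daf in rve_destroy (rve=0x6f6c5f7265766f6c) at core/rvalue.c:147
#1  0x00000000006a266e in rve_destroy (rve=0x7ffff6c77f08) at core/rvalue.c:168
#2  0x00000000007d2884 in free_mod_func_action (a=0x7ffff6c76658) at core/cfg.y:4047
#3  0x00000000007ce97f in yyparse () at core/cfg.y:3459
#4  0x000000000042f396 in main (argc=9, argv=0x7fffffffe448) at main.c:2320
"""

FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (\w+) \((.*?)\) at (\S+)$", re.M)
ARG_RE = re.compile(r"(\w+)=(0x[0-9a-f]+)")


def is_canonical(addr):
    """x86-64 with 48-bit addressing: bits 63..47 must be all 0 or all 1."""
    top = addr >> 47
    return top == 0 or top == 0x1FFFF


def as_ascii(addr):
    """Return the 8 little-endian bytes as text if all are printable, else None."""
    raw = struct.pack("<Q", addr)
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def triage(backtrace):
    """List frame arguments that look like corrupted or confused pointers."""
    findings = []
    for frame, func, args, loc in FRAME_RE.findall(backtrace):
        for name, value in ARG_RE.findall(args):
            addr = int(value, 16)
            text = as_ascii(addr)
            if text is not None or not is_canonical(addr):
                findings.append({
                    "frame": int(frame), "func": func, "arg": name, "loc": loc,
                    "canonical": is_canonical(addr), "ascii": text,
                })
    return findings


if __name__ == "__main__":
    for f in triage(BACKTRACE):
        print(f)
```

Only frame #0 is flagged: its `rve` value is non-canonical and decodes to the text `lover_lo`, while the argument in frame #1 is a valid address, so the bad value was most likely read from inside the structure that frame #1 was destroying.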