[SR-Users] Kamailio v4.0.5 crash - transformations related ?

Daniel-Constantin Mierla miconda at gmail.com
Fri May 2 19:31:16 CEST 2014


Hello,

do you know if it was an ACK for a negative response?

I looked a bit over the code and the issue could be with the lifetime of 
the dlg variable.

Cheers,
Daniel

On 30/04/14 13:39, Dragos Oancea wrote:
> Hi
>
> We experienced a crash with kamailio 4.0.5, it looks like a memory 
> corruption.
>
> After an analysis of the core file, it appears that it crashed while 
> doing a str2int transformation (trying to convert the value of myvar 
> to int):
>
>
>  if (($(dlg_var("myvar"){s.int}) == 0) && some_other_condition ) {
>      do_something();
>  }
>
> gdb output:
>
> (gdb) frame 4
> #4  0x00000000004bcb77 in rval_get_btype (h=0x7fffd69713d0, 
> msg=0x7ffc8a58a4d0, rv=0x7ffc8a3dfc18, val_cache=0x7fffd69706a0) at 
> rvalue.c:418
> 418	in rvalue.c
> (gdb) i loc
> r_avp = 0x7fffd69709b0
> tmp_avp_val = {n = -1975661232, s = {s = 0x7ffc8a3dcd50 "\034\001", 
> len = -1973902128}, re = 0x7ffc8a3dcd50}
> avpv = 0x7fffd6970928
> tmp_pval = {rs = {s = 0x7ffc8a5b86e0 "route[MAIN]: 
> call-id=52e8c2b553540db4 from=987654321 to=+1234567890 : ACK 
> ip=10.0.x.x", len = -1975658024}, ri = -694745968, flags = 32767}
> pv = 0x7fffd69706a8
> tmp = RV_NONE
> ptype = 0x7ffc8a58a4d0
> __FUNCTION__ = "rval_get_btype"
> (gdb) p *pv
> $8 = {rs = {s = 0x7069736f58652820 <Address 0x7069736f58652820 out of 
> bounds>, len = 775106354}, ri = 0, flags = 4}
> (gdb) p val_cache->c.pval
> $9 = {rs = {s = 0x7069736f58652820 <Address 0x7069736f58652820 out of 
> bounds>, len = 775106354}, ri = 0, flags = 4}   <-  the value of s is 
> invalid, it's a string from a SIP message.
>
>
> Full GDB backtrace and info locals here :
> kamailio 4.0.5 crash - memory corruption ? - Pastebin.com 
> <http://pastebin.com/9S06nsyd>
>
> (gdb) bt full
> #0  0x00007ffc822851e8 in str2sint (_s=0x7fffd69706a8, 
> _r=0x7fffd69706b8) at ../../ut.h:681
>         i = 0
>         sign = 1
>
> I still have the core file and I can help with further analysis.
>
>
> Regards,
> Dragos
>
> PS: Kamailio still rocks.

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
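
Added example, not part of the original thread and not Kamailio code: the pv fields in the gdb dump above (s = 0x7069736f58652820, len = 775106354) can be tested for the pattern the poster describes by laying them out as they sit in memory and checking for printable ASCII. It assumes a little-endian x86-64 build where str is an 8-byte pointer followed by a 4-byte int; the function names are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: little-endian x86-64, str = { char *s; int len; }, so the
 * 8 pointer bytes and 4 length bytes are adjacent in memory. */

/* Lay the two dumped fields out as they sit in memory (least significant
 * byte first) into out[13]; return how many of the 12 bytes are printable. */
int decode_str_fields(uint64_t s_ptr, int32_t len, char out[13])
{
    uint32_t ulen = (uint32_t)len;
    int printable = 0;
    for (int i = 0; i < 8; i++)
        out[i] = (char)((s_ptr >> (8 * i)) & 0xff);
    for (int i = 0; i < 4; i++)
        out[8 + i] = (char)((ulen >> (8 * i)) & 0xff);
    out[12] = '\0';
    for (int i = 0; i < 12; i++)
        printable += isprint((unsigned char)out[i]) ? 1 : 0;
    return printable;
}

/* User-space addresses on x86-64 Linux have bits 47..63 clear. */
int is_user_ptr(uint64_t p) { return p != 0 && (p >> 47) == 0; }

/* 1 when the pointer is not a usable address and both fields are pure text. */
int looks_like_text_overwrite(uint64_t s_ptr, int32_t len)
{
    char buf[13];
    return !is_user_ptr(s_ptr) && decode_str_fields(s_ptr, len, buf) == 12;
}

int main(void)
{
    char buf[13];
    /* Values copied from "p *pv" in the post. */
    int n = decode_str_fields(0x7069736f58652820ULL, 775106354, buf);
    printf("%d/12 printable: \"%s\"\n", n, buf);
    /* r_avp from the same dump is an ordinary address, for contrast. */
    printf("pv.rs: %d  r_avp: %d\n",
           looks_like_text_overwrite(0x7069736f58652820ULL, 775106354),
           looks_like_text_overwrite(0x7fffd69709b0ULL, 0));
    return 0;
}
```

On the posted values all 12 bytes are printable and read " (eXosip2/3.", which matches the poster's reading that the struct was overwritten with text from a SIP message.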
