[SR-Users] Kamailio 4.4.4 crash in tcp_read_headers()

Armen Babikyan armen at firespotter.com
Mon Jun 5 05:19:03 CEST 2017


Hello,

Over the past few months, I've seen a smattering of kamailio crashes on
various systems with identical backtraces: SIGSEGV in tcp_read_headers(),
at tcp_read.c line 628. Example here:

https://pastebin.com/qJ3ypnVz

Note that in frame 0, print *c shows that req->parsed is pointing to an
address exactly 8GB lower than req->buf.  That is, req->parsed is pointing to
an invalid memory location, crashing kamailio when the location is
dereferenced.  In other coredumps, I see that req->parsed is pointing to an
address exactly 4GB lower than req->buf.

Other info: This is Kamailio 4.4.4 on x86_64.  I've not had success trying
to reproduce this yet.  Also worth noting that the crashes seem to be
consistently associated with processing traffic from a UA connected over
SIP/TCP; I've seen no other transport associated with this crash.

Thoughts are welcome.  Thanks!

Armen
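
Added example, not part of the original post and not Kamailio code: a small C helper for triaging core dumps like the one described above. It checks whether a parse cursor lies inside its buffer and flags the case where the offset is an exact multiple of 4 GiB. The struct, its `buf_len` field, and the sample addresses are assumptions made for illustration; the check only classifies the pattern and does not identify its cause.

```c
#include <stdint.h>
#include <stdio.h>

#define GIB4 (UINT64_C(1) << 32)   /* 4 GiB */

enum cursor_state { CURSOR_OK, CURSOR_OOB, CURSOR_OOB_4GIB_MULTIPLE };

/* Hypothetical view of the two fields named in the post, copied out of a
 * core dump as plain integers. buf_len is an assumed field. */
struct req_view {
    uint64_t buf;      /* address where the read buffer starts */
    uint64_t buf_len;  /* size of the read buffer in bytes */
    uint64_t parsed;   /* address held by the parse cursor */
};

/* Classify the cursor and report its signed distance from buf. */
enum cursor_state classify_cursor(const struct req_view *r, int64_t *delta_out)
{
    int64_t delta = (int64_t)(r->parsed - r->buf);
    if (delta_out)
        *delta_out = delta;

    /* Valid cursors lie in [buf, buf + buf_len]. */
    if (r->parsed >= r->buf && r->parsed - r->buf <= r->buf_len)
        return CURSOR_OK;

    /* Out of bounds: is the distance an exact multiple of 4 GiB? */
    uint64_t mag = delta < 0 ? (uint64_t)0 - (uint64_t)delta : (uint64_t)delta;
    return (mag % GIB4 == 0) ? CURSOR_OOB_4GIB_MULTIPLE : CURSOR_OOB;
}

int main(void)
{
    /* Constructed sample addresses, not taken from the linked backtrace. */
    struct req_view samples[] = {
        { UINT64_C(0x7f3a40001000), 4096, UINT64_C(0x7f3a40001000) + 100 },
        { UINT64_C(0x7f3a40001000), 4096, UINT64_C(0x7f3a40001000) - 2 * GIB4 },
        { UINT64_C(0x7f3a40001000), 4096, UINT64_C(0x7f3a40001000) - GIB4 },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int64_t d;
        enum cursor_state s = classify_cursor(&samples[i], &d);
        printf("sample %zu: state=%d delta=%lld bytes\n", i, (int)s, (long long)d);
    }
    return 0;
}
```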