[SR-Users] Crash ims_diameter_server

Iman Mohammadi iman.mohammadi.telecom at gmail.com
Wed Oct 31 19:24:56 CET 2018 

When the below format is sent from rest , kamailio crashes

List[{
List[{
List[{
             ]}
             ]}
             ]}
(Json with 3 nested lists),
With 2 lists it works properly,
When diameter is translated to json with 3 lists by this module it also
works properly,
Json format is correct too.

gdb:

gdb) bt full
#0  0x00007f5e23c4a11e in diameterserver_add_avp (m=0x0,
d=0x7f5e1b5c2240 "", len=12, avp_code=431, flags=64, vendorid=0,
data_do=2,
    func=0x7f5e23c51d6c <__FUNCTION__.20148> "parselist") at avp_helper.c:208
        avp = 0x7f5e1b5c3bd0
        __FUNCTION__ = "diameterserver_add_avp"
#1  0x00007f5e23c4d0c8 in parselist (response=0x0,
list=0x7fff9f21a8d0, item=0x11b67d0, level=2) at avp_helper.c:309
        i = 1
        flags = 64
        x = "p\250!\237"
        avp_list = {head = 0x0, tail = 0x0}
        avp_list_s = {s = 0x7f5e1b5c2240 "", len = 12}
        __FUNCTION__ = "parselist"
#2  0x00007f5e23c4cffc in parselist (response=0x7f5e1b5c3ab8,
list=0x0, item=0x11b6550, level=1) at avp_helper.c:304
        subitem = 0x11b67d0
        i = 0
        flags = 64
        x = "\000\000\000"
        avp_list = {head = 0x0, tail = 0x0}
        avp_list_s = {s = 0x7fff9f21a8f0 "@\251!\237\377\177", len = 600070897}
        __FUNCTION__ = "parselist"
#3  0x00007f5e23c4db3a in addAVPsfromJSON (response=0x7f5e1b5c3ab8,
json=0x7f5e23e53950 <responsejson>) at avp_helper.c:349
        subitem = 0x11b6550
        i = 4
        __FUNCTION__ = "addAVPsfromJSON"
        root = 0x11b4210
#4  0x00007f5e23c3fbdb in callback_cdp_request
(request_in=0x7f5e1b5c19b0, param=0x0) at ims_diameter_server.c:193
        fmsg = 0xab7840 <_faked_msg>
        backup_rt = 1
        ctx = {rec_lev = 0, run_flags = 0, last_retcode = 1, jmp_env =
{{__jmpbuf = {1, -5713032302318786866, 7971288, 7971288,
                140042162528420, 0, -5713032302339758386,
5712822384154044110}, __mask_was_saved = 0, __saved_mask = {__val = {
                  140735863172072, 127, 0, 140042162532340,
140042389578761, 4222451713, 140042162532340, 140042162532340,
140042162532340,
                  140042162532340, 140042162532358, 140042162532467,
140042162532340, 140042162532467, 0, 0}}}}}
        response = 0x7f5e1b5c3ab8
        __FUNCTION__ = "callback_cdp_request"
#5  0x00007f5e24a705c0 in api_callback (p=0x7f5e1b598f50,
msg=0x7f5e1b5c19b0, ptr=0x0) at api_process.c:83
        t = 0x7f5e1b598f50
        auto_drop = 32767
        h = 0x7f5e1b5b3358
---Type <return> to continue, or q <return> to quit---
        x = {type = (unknown: 2669784000), handler = {requestHandler =
0x7f5e23c3eed1 <callback_cdp_request>,
            responseHandler = 0x7f5e23c3eed1 <callback_cdp_request>},
param = 0x3ee9f21ac10, next = 0x7f5e1b5988b8, prev = 0x19f210069}
        type = REQUEST_HANDLER
        rsp = 0x7f5e1b5c19b0
        __FUNCTION__ = "api_callback"
#6  0x00007f5e24a857d7 in worker_process (id=5) at worker.c:346
        t = {p = 0x7f5e1b598f50, msg = 0x7f5e1b5c19b0}
        cb = 0x7f5e1b59df30
        r = 128
        __FUNCTION__ = "worker_process"
#7  0x00007f5e24a62a8e in diameter_peer_start (blocking=0) at
diameter_peer.c:242
        pid = 0
        k = 5
        p = 0x36
        __FUNCTION__ = "diameter_peer_start"
#8  0x00007f5e24a559bc in cdp_child_init (rank=0) at cdp_mod.c:243
        __FUNCTION__ = "cdp_child_init"
#9  0x0000000000547e54 in init_mod_child (m=0x7f5e28656fb8, rank=0) at
core/sr_module.c:943
        __FUNCTION__ = "init_mod_child"
#10 0x0000000000547b16 in init_mod_child (m=0x7f5e28657c38, rank=0) at
core/sr_module.c:939
        __FUNCTION__ = "init_mod_child"
#11 0x0000000000547b16 in init_mod_child (m=0x7f5e28658010, rank=0) at
core/sr_module.c:939
        __FUNCTION__ = "init_mod_child"
#12 0x0000000000547b16 in init_mod_child (m=0x7f5e28658790, rank=0) at
core/sr_module.c:939
        __FUNCTION__ = "init_mod_child"
#13 0x0000000000547b16 in init_mod_child (m=0x7f5e28658d68, rank=0) at
core/sr_module.c:939
        __FUNCTION__ = "init_mod_child"
#14 0x00000000005481e6 in init_child (rank=0) at core/sr_module.c:970
No locals.
#15 0x00000000004250f5 in main_loop () at main.c:1701
        i = 8
        pid = 1964
        si = 0x0
        si_desc = "udp receiver child=7
sock=10.25.5.23:5060\000y\000\000\000\000\000x\333i(^\177\000\000@\264!\237\377\177",
'\000' <repeats 18 times>,
"`\263!\237\377\177\000\000\347L\340(^\177\000\000\360\260!\237\377\177\000\000\060\000\000\000\060\000\000\000\260\261!\237\377\177\000\000\350\226i(^\177\000"
        nrprocs = 8
---Type <return> to continue, or q <return> to quit---
        woneinit = 1
        __FUNCTION__ = "main_loop"
#16 0x000000000042b99b in main (argc=13, argv=0x7fff9f21b448) at main.c:2638
        cfg_stream = 0x111c020
        c = -1
        r = 0
        tmp = 0x7fff9f21bf69 ""
        tmp_len = 32606
        port = 693647725
        proto = 0
        options = 0x74cd90
":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
        ret = -1
        seed = 898203166
        rfd = 4
        debug_save = 0
        debug_flag = 0
        dont_fork_cnt = 0
        n_lst = 0x7fff9f21b300
        p = 0x7fff9f21b4b8 "\207\277!\237\377\177"
        st = {st_dev = 15, st_ino = 13240, st_nlink = 2, st_mode =
16877, st_uid = 110, st_gid = 116, __pad0 = 0, st_rdev = 0, st_size =
60,
          st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec =
1540797448, tv_nsec = 544589798}, st_mtim = {tv_sec = 1540797905,
            tv_nsec = 662909589}, st_ctim = {tv_sec = 1540798045,
tv_nsec = 563947001}, __glibc_reserved = {0, 0, 0}}
        __FUNCTION__ = "main"
(gdb)
(gdb)

Where is problem?

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20181031/3304e97f/attachment.html>

More information about the sr-users mailing list