
List:       sr-dev
Subject:    [sr-dev] [tracker] Task opened: Crash in core when freeing shm dup'ed request (Attachment added)
From:       sip-router <bugtracker () sip-router ! org>
Date:       2014-07-28 13:44:35
Message-ID: 1406555075.53d653c3bb266 () sip-router ! org

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - Hugh Waite (hugh.waite) 

Attached to Project - sip-router
Summary - Crash in core when freeing shm dup'ed request
Task Type - Bug Report
Category - Core
Status - New
Assigned To - 
Operating System - All
Severity - High
Priority - Normal
Reported Version - Development
Due in Version - Undecided
Due Date - Undecided
Details - I have found a crash in core/tm which is easily reproducible. 
An OPTIONS passes through kamailio to another kamailio server which responds with a 403. The response enters a failure route and crashes (due to an abort) when attempting to free the memory in the faked_req structure.

Attached is the backtrace and the relevant section of the DEBUG level output.

It appears from the DEBUG that a pkg-memory address is stored in the shm_cloned structure, which is invalid when attempting to free from a different process. The allocated address in this core is 0x7fd12559ee28 called from parse_from_header.

This only occurs when the Via branch is 'pre-RFC3261'. In this case the perpetrator is using "branch=foo".

I think the allocation occurs in char_msg_val.h:83 where the from body is parsed to extract the tag (only for pre-3261 requests).
h_table.c:309   build_cell
h_table.c:390   init_synonym_id
h_table.c:274   char_msg_val

The tm module is pretty stable (last relevant change was removing the syn_branch parameter in May 2013) so I would rather have some guidance before making changes.



One or more files have been attached.

More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=454

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

_______________________________________________
sr-dev mailing list
sr-dev@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
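
The ownership problem the report describes (a pkg pointer attached to a shm clone and later freed by a different process), as an added example that is not part of the original message and is not Kamailio code. The allocator model and every name in it (arena_alloc, arena_free, msg_clone, lazy_parse_from, free_clone_fields, demo) are hypothetical; process identity is simulated with an integer.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified model, not Kamailio code: all names here are hypothetical. */
enum arena { ARENA_PKG, ARENA_SHM };  /* private per-process vs shared */

struct blk_hdr {       /* bookkeeping placed in front of each allocation */
    enum arena arena;
    int owner;         /* simulated id of the process that allocated it */
};

struct msg_clone {     /* stands in for the shm-cloned request */
    void *from_parsed; /* parsed From body, filled in lazily */
};

static void *arena_alloc(enum arena a, int proc, size_t n)
{
    struct blk_hdr *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->arena = a;
    h->owner = proc;
    return h + 1;
}

/* Returns 0 if freed, -1 if the block is private to another process.
 * The -1 case is where the report's free attempt ended in an abort. */
static int arena_free(void *p, int proc)
{
    struct blk_hdr *h = (struct blk_hdr *)p - 1;
    if (h->arena == ARENA_PKG && h->owner != proc) return -1;
    free(h);
    return 0;
}

/* Lazy parse done by `proc` on a clone living in shm: the parsed body
 * comes from that process's private arena, not from shm. */
static int lazy_parse_from(struct msg_clone *m, int proc)
{
    m->from_parsed = arena_alloc(ARENA_PKG, proc, 32);
    return m->from_parsed ? 0 : -1;
}

/* Cleanup run by `proc`: refuses a foreign pkg pointer instead of freeing. */
static int free_clone_fields(struct msg_clone *m, int proc)
{
    int rc = m->from_parsed ? arena_free(m->from_parsed, proc) : 0;
    if (rc == 0) m->from_parsed = NULL;
    return rc;
}

/* Parse in one process, clean up in another; returns the cleanup result. */
static int demo(int parser, int freer)
{
    struct msg_clone m = { NULL };
    if (lazy_parse_from(&m, parser) != 0) return -2;
    int rc = free_clone_fields(&m, freer);
    if (rc != 0) free_clone_fields(&m, parser); /* release via the owner */
    return rc;
}
```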

