Dan,
Yes, good observation that c pointer is invalid - but it is not because
of an overflow, but it rather seems that the msg->contact->parsed (where
the "c" is read from) was populated with a pkg pointer in a different
process.
Regards
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
OpenSIPS Summit 2019
https://www.opensips.org/events/Summit-2019Amsterdam/
On 06/06/2019 05:01 PM, Dan Pascu wrote:
Looks like buffer overflow. That c variable in the first frame should be a memory address, but
instead it contains "lo EYB", which I guess is "BYE ol" on little endian
machines. Looks like some parsed part of the message spilled over and overwrote memory pointers.
On 5 Jun 2019, at 22:02, Ben Newlin wrote:
We have had another crash today.
Backtrace is here: https://pastebin.com/q4RQC7kS
I found this in the log at the time of the crash:
Jun 5 17:54:10 [4978] CRITICAL:core:sig_usr: segfault in process pid: 4978, id: 8
Please let me know if any further information can be useful.
Ben Newlin
From: Devel <devel-boun...@lists.opensips.org> on behalf of Ben Newlin <ben.new...@genesys.com>
Reply-To: OpenSIPS devel mailling list <devel@lists.opensips.org>
Date: Friday, May 10, 2019 at 6:31 PM
To: OpenSIPS devel mailling list <devel@lists.opensips.org>
Subject: Re: [OpenSIPS-Devel] OpenSIPS Crash
I found this in the log at the time of the crash:
kernel: opensips[5003]: segfault at 30 ip 00007fbd4c8f59d0 sp 00007ffcaa850c80 error 6 in tm.so[7fbd4c887000+8e000]
Ben Newlin
From: Devel <devel-boun...@lists.opensips.org> on behalf of Ben Newlin <ben.new...@genesys.com>
Reply-To: OpenSIPS devel mailling list <devel@lists.opensips.org>
Date: Friday, May 10, 2019 at 5:44 PM
To: OpenSIPS devel mailling list <devel@lists.opensips.org>
Subject: [OpenSIPS-Devel] OpenSIPS Crash
Hello,
We had a crash today of our OpenSIPS instance.
Backtrace is here: https://pastebin.com/QbRJimwx
# opensips -V
version: opensips 2.4.5 (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC,
FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll, sigio_rt, select.
git revision: d025b4f61
main.c compiled on 20:58:31 May 9 2019 with gcc 7
Ben Newlin
_______________________________________________
Devel mailing list
Devel@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
--
Dan