Dan,

Yes, good observation that the c pointer is invalid, but it is not because of an overflow; rather, it seems that msg->contact->parsed (where "c" is read from) was populated with a pkg pointer in a different process.

Regards

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 2019
  https://www.opensips.org/events/Summit-2019Amsterdam/

On 06/06/2019 05:01 PM, Dan Pascu wrote:
Looks like buffer overflow. That c variable in the first frame should be a memory address, but instead it contains "lo EYB", which I guess is "BYE ol" on little endian machines. Looks like some parsed part of the message spilled over and overwrote memory pointers.

On 5 Jun 2019, at 22:02, Ben Newlin wrote:

We have had another crash today.

Backtrace is here: https://pastebin.com/q4RQC7kS

I found this in the log at the time of the crash:

Jun 5 17:54:10 [4978] CRITICAL:core:sig_usr: segfault in process pid: 4978, id: 8

Please let me know if any further information can be useful.

Ben Newlin

From: Devel <devel-boun...@lists.opensips.org> on behalf of Ben Newlin <ben.new...@genesys.com>
Reply-To: OpenSIPS devel mailling list <devel@lists.opensips.org>
Date: Friday, May 10, 2019 at 6:31 PM
To: OpenSIPS devel mailling list <devel@lists.opensips.org>
Subject: Re: [OpenSIPS-Devel] OpenSIPS Crash

I found this in the log at the time of the crash:

kernel: opensips[5003]: segfault at 30 ip 00007fbd4c8f59d0 sp 00007ffcaa850c80 error 6 in tm.so[7fbd4c887000+8e000]

Ben Newlin

From: Devel <devel-boun...@lists.opensips.org> on behalf of Ben Newlin <ben.new...@genesys.com>
Reply-To: OpenSIPS devel mailling list <devel@lists.opensips.org>
Date: Friday, May 10, 2019 at 5:44 PM
To: OpenSIPS devel mailling list <devel@lists.opensips.org>
Subject: [OpenSIPS-Devel] OpenSIPS Crash

Hello,

We had a crash today of our OpenSIPS instance.

Backtrace is here: https://pastebin.com/QbRJimwx

# opensips -V
version: opensips 2.4.5 (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll, sigio_rt, select.
git revision: d025b4f61
main.c compiled on 20:58:31 May  9 2019 with gcc 7
Ben Newlin
_______________________________________________
Devel mailing list
Devel@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel

--
Dan
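
As an added illustration that is not part of the original thread or of OpenSIPS: a small triage helper for the two clues discussed above, the kernel "segfault at" line and a pointer variable whose bytes read as message text. The names `triage` and `pointer_as_text` are hypothetical, and the value 0x6c6f20455942 used to exercise `pointer_as_text` is constructed from the text Dan quotes, not copied from the backtrace.

```python
import re

# Kernel line quoted in the thread (x86_64 format).
LINE = ("kernel: opensips[5003]: segfault at 30 ip 00007fbd4c8f59d0 "
        "sp 00007ffcaa850c80 error 6 in tm.so[7fbd4c887000+8e000]")

SEGV = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

def triage(line):
    """Parse one x86 'segfault at' kernel line into triage fields."""
    m = SEGV.search(line)
    if m is None:
        return None
    addr, ip, err = (int(m[k], 16) for k in ("addr", "ip", "err"))
    out = {
        "comm": m["comm"], "pid": int(m["pid"]), "fault_addr": addr,
        # x86 page-fault error code bits: 0 = protection fault (else page
        # not present), 1 = write (else read), 2 = user mode, 4 = fetch.
        "access": "write" if err & 2 else "read",
        "page_present": bool(err & 1),
        "user_mode": bool(err & 4),
        "instruction_fetch": bool(err & 16),
        # A fault address below one page usually means a NULL (or tiny)
        # base pointer plus a small member offset.
        "near_null": addr < 0x1000,
        "object": m["obj"], "offset": None,
    }
    if m["obj"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        # Offset of the faulting instruction inside the reported mapping.
        if base <= ip < base + size:
            out["offset"] = ip - base
    return out

def pointer_as_text(value, width=8):
    """Return a pointer value's bytes in memory order if they are printable."""
    raw = value.to_bytes(width, "little").rstrip(b"\0")
    if raw and all(0x20 <= b < 0x7f for b in raw):
        return raw.decode("ascii")
    return None
```

Using the offset with a symbolizer against tm.so assumes the reported mapping starts at the object's load base and that the binary matches the build that crashed.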