[OpenSIPS-Devel] [ opensips-Bugs-3411442 ] Segmentation fault in push_reply_in_dialog
Bugs item #3411442, was opened at 2011-09-19 14:56
Message generated for change (Comment added) made by vladut-paiu
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3411442&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: core
Group: 1.7.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Sergey Lavrov (sybasesql)
Assigned to: Nobody/Anonymous (nobody)
Summary: Segmentation fault in push_reply_in_dialog

Initial Comment:
opensips-1.7.0 rev 8357
OS: centos 5.6 x86_64

I have Segmentation fault:

#0  0x2ac79c880dd2 in push_reply_in_dialog (rpl=0x8229b0, t=0x2ac7a2e42b70, dlg=0x2ac7a2e42200, mangled_from=0x7fff31d9c940, mangled_to=0x7fff31d9c930) at dlg_handlers.c:350
350             if ( dlg->legs[leg].tag.len==tag.len
---
(gdb) bt
#0  0x2ac79c880dd2 in push_reply_in_dialog (rpl=0x8229b0, t=0x2ac7a2e42b70, dlg=0x2ac7a2e42200, mangled_from=0x7fff31d9c940, mangled_to=0x7fff31d9c930) at dlg_handlers.c:350
#1  0x2ac79c8822be in dlg_onreply (t=0x2ac7a2e42b70, type=<value optimized out>, param=<value optimized out>) at dlg_handlers.c:434
#2  0x2ac79c42f54b in run_trans_callbacks (type=8, trans=0x2ac7a2e42b70, req=0x2ac7a3035fd8, rpl=0x8229b0, code=180) at t_hooks.c:212
#3  0x2ac79c43c480 in relay_reply (t=0x2ac7a2e42b70, p_msg=0x8229b0, branch=1200, msg_status=180, cancel_bitmap=0x7fff31d9cc28) at t_reply.c:1166
#4  0x2ac79c43caac in reply_received (p_msg=0x8229b0) at t_reply.c:1512
#5  0x004222fd in forward_reply (msg=0x8229b0) at forward.c:568
#6  0x0044fb81 in receive_msg (buf=0x753020 "SIP/2.0 180 Ringing\r\nVia: SIP/2.0/UDP x.x.x.x;branch=z9hG4bK258b.677fa944.0;i=481\r\nVia: SIP/2.0/TCP y.y.y.y:5060;received=y.y.y.y;branch=z9hG4bK-d8754z-d0ea2355dab67205-1---d8754z-;rpor"..., len=878, rcv_info=0x7fff31d9cd70) at receive.c:203
#7  0x0048f698 in udp_rcv_loop () at udp_server.c:419
#8  0x0042a57c in main_loop (argc=<value optimized out>, argv=<value optimized out>) at main.c:885
#9  main (argc=<value optimized out>, argv=<value optimized out>) at main.c:1503
---
(gdb) bt full
#0  0x2ac79c880dd2 in push_reply_in_dialog (rpl=0x8229b0, t=0x2ac7a2e42b70, dlg=0x2ac7a2e42200, mangled_from=0x7fff31d9c940, mangled_to=0x7fff31d9c930) at dlg_handlers.c:350
        tag = {s = 0x75322a "1174779552\r\nCall-ID: ZTMwNzdhN2M2YjA4ODM4MmRiYTJkOGQ1MDVmNzlhOTA.\r\nCSeq: 1 INVITE\r\nContact: sip:manager2@89.31.18.41:1026\r\nAllow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SU"..., len = 10}
        contact = {s = 0x2ac7a3171158 "\330w", len = -1668799477}
        rr_set = {s = 0x2 <Address 0x2 out of bounds>, len = -1558833544}
        leg = 1
        skip_rrs = <value optimized out>
        __FUNCTION__ = "push_reply_in_dialog"
#1  0x2ac79c8822be in dlg_onreply (t=0x2ac7a2e42b70, type=<value optimized out>, param=<value optimized out>) at dlg_handlers.c:434
        rpl = 0x8229b0
        req = 0x2ac7a3035fd8
        dlg = 0x2ac7a2e42200
        new_state = <value optimized out>
        old_state = <value optimized out>
        unref = <value optimized out>
        event = <value optimized out>
        mangled_from = {s = 0x0, len = 0}
        mangled_to = {s = 0x0, len = 0}
        req_out_buff = 0xb4
        __FUNCTION__ = "dlg_onreply"
#2  0x2ac79c42f54b in run_trans_callbacks (type=8, trans=0x2ac7a2e42b70, req=0x2ac7a3035fd8, rpl=0x8229b0, code=180) at t_hooks.c:212
        params = {req = 0x2ac7a3035fd8, rpl = 0x8229b0, code = 180, param = 0x2ac7a2bc9930, extra1 = 0x0, extra2 = 0x0}
        cbp = 0x2ac7a2bc9920
        backup = 0x763030
        trans_backup = 0x2ac7a2e42b70
        __FUNCTION__ = "run_trans_callbacks"
#3  0x2ac79c43c480 in relay_reply (t=0x2ac7a2e42b70, p_msg=0x8229b0, branch=1200, msg_status=180, cancel_bitmap=0x7fff31d9cc28) at t_reply.c:1166
        relay = 1200
        save_clone = 0
        buf = <value optimized out>
        res_len = 0
        relayed_code = 180
        relayed_msg = <value optimized out>
        bm = {to_tag_val = {s = 0x1 <Address 0x1 out of bounds>, len = 8530352}}
        totag_retr = <value optimized out>
        reply_status = RPS_PROVISIONAL
        uas_rb = 0x2ac7a2e42c70
        cb_s = {s = 0x8229b0 "\002\002\061", len = 8108712}
        text = {s = 0x8277a8 "\001", len = 878}
        __FUNCTION__ = "relay_reply"
#4  0x2ac79c43caac in reply_received (p_msg=0x8229b0) at t_reply.c:1512
        msg_status = 180
        last_uac_status = <value optimized out>
        branch = 8587360
        reply_status = <value optimized out>
        timer = <value optimized out>
        cancel_bitmap = 0
        uac = 0x2ac7a2e42d48
        t = 0x2ac7a2e42b70
        backup_list = 0x0
        __FUNCTION__ = "reply_received"
#5  0x004222fd in forward_reply (msg=0x8229b0) at forward.c:568
        new_buf =
[OpenSIPS-Devel] [ opensips-Bugs-3411442 ] Segmentation fault in push_reply_in_dialog
Bugs item #3411442, was opened at 2011-09-19 15:56
Message generated for change (Comment added) made by sybasesql
Assigned to: Nobody/Anonymous (nobody)
[OpenSIPS-Devel] [ opensips-Bugs-3411442 ] Segmentation fault in push_reply_in_dialog
Bugs item #3411442, was opened at 2011-09-19 14:56
Message generated for change (Settings changed) made by bogdan_iancu
Assigned to: Vladut-Stefan Paiu (vladut-paiu)
[OpenSIPS-Devel] [ opensips-Bugs-3411442 ] Segmentation fault in push_reply_in_dialog
Bugs item #3411442, was opened at 2011-09-19 15:56
Message generated for change (Tracker Item Submitted) made by sybasesql
Assigned to: Nobody/Anonymous (nobody)