[Sofia-sip-devel] strange bug surfaces on Fedora 20 and Mint using SIPTAG_PAYLOAD_STR
I recently came across a problem that manifested only on Fedora 20 and Mint (not on Ubuntu or CentOS 6.x). When using SIPTAG_PAYLOAD_STR to add a body to an outgoing SIP message, the message goes out without any body; i.e., it's as if that tag was silently ignored. My program would also subsequently crash. Again, this problem was only experienced on certain Linux distros.

I eventually tracked it to this code in the msg_hclass_offset function in msg_parser.c:

    else /* Header has no name. */
      for (i = 0; i <= 6; i++)
        if (hc->hc_hash == mc->mc_request[i].hr_class->hc_hash)
          return (msg_header_t **)((char *)mo + mc->mc_request[i].hr_offset);

Something in that non-standard way of iterating through the msg_href_t elements in the msg_mclass_s structure was causing weird results. When I stepped through the code, which is supposed to iterate across the seven msg_href_t members (mc_request through mc_multipart) in the struct below (you can see that I call it non-standard because it is incrementing across an array that has only one member, but using that as a device to check each of the members), what I saw was that an incorrect match was returned, and thus the offset to the sip_payload_t member which this function returns was incorrect. Hence the bad things happened.

    struct msg_mclass_s {
      struct msg_hclass_s mc_hclass[1];   /** Recursive header class */
      char const *mc_name;                /** Protocol name, e.g., SIP/2.0 */
      void *mc_tag;                       /** Protocol-specific tag */
      unsigned mc_flags;                  /** Default flags */
      unsigned mc_msize;                  /** Size of public message structure */
      /** Function extracting the message contents. */
      issize_t (*mc_extract_body)(msg_t *msg, msg_pub_t *pub, char b[], isize_t bsiz, int eos);
      msg_href_t mc_request[1];           /** Request line reference */
      msg_href_t mc_status[1];            /** Status line reference */
      msg_href_t mc_separator[1];         /** Separator line reference */
      msg_href_t mc_payload[1];           /** Message body reference */
      msg_href_t mc_unknown[1];           /** Reference for unknown headers */
      msg_href_t mc_error[1];             /** Reference for erroneous header */
      msg_href_t mc_multipart[1];         /** Multipart body reference */
      msg_href_t const *mc_short;         /** Short forms (or NULL) */
      short mc_hash_size;                 /** Size of parsing table */
      short mc_hash_used;                 /** Number of headers in parsing table */
      /** Hash table for parsing containing reference for each header. */
      msg_href_t mc_hash[MC_HASH_SIZE];
    };

Here is my commit that fixed things in my public repo: https://github.com/davehorton/sofia-sip/commit/51bb86448d952a5997a8d7e38c545c164fa112a2

Dave
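The following is an added example for this thread, not code from sofia-sip, FreeSWITCH or any of the messages here. It rebuilds in miniature the part of msg_mclass_s that Dave shows (seven single-element msg_href_t arrays in a row), writes the lookup once the way the original msg_hclass_offset loop did it (indexing mc_request[i] for i up to 6, which walks past the end of a one-element array and is undefined behaviour in C) and once in a form that stays in bounds, so the compiler behaviour Arsen describes further down the thread can be reproduced. The type names hclass_t, href_t and mclass_t are hypothetical stand-ins for the sofia-sip types, and the hash values and offsets in the sample are constructed.

```c
/* Added example, not sofia-sip code. Types hclass_t/href_t/mclass_t are
 * hypothetical stand-ins for msg_hclass_t/msg_href_t/msg_mclass_t. */
#include <stddef.h>
#include <stdio.h>

typedef struct hclass_s {
    unsigned    hc_hash;        /* header class hash, like sofia-sip's hc_hash */
    const char *hc_name;
} hclass_t;

typedef struct href_s {
    const hclass_t *hr_class;   /* NULL when the slot is unused */
    size_t          hr_offset;  /* offset of the header inside the message struct */
} href_t;

/* Same member order as msg_mclass_s in the thread, other fields omitted. */
typedef struct mclass_s {
    href_t mc_request[1];
    href_t mc_status[1];
    href_t mc_separator[1];
    href_t mc_payload[1];
    href_t mc_unknown[1];
    href_t mc_error[1];
    href_t mc_multipart[1];
} mclass_t;

#define NREFS 7

/* The original pattern: i runs past the end of mc_request[1] and the code
 * relies on the next six members following it in memory. Indexing outside an
 * array is undefined behaviour; GCC 4.8+ may assume i never exceeds 0 and fold
 * the loop to one comparison, so a payload lookup can quietly return -1. */
long offset_out_of_bounds(const mclass_t *mc, const hclass_t *hc) {
    int i;
    for (i = 0; i <= 6; i++)
        if (hc->hc_hash == mc->mc_request[i].hr_class->hc_hash)
            return (long)mc->mc_request[i].hr_offset;
    return -1;
}

/* Well-defined replacement: the seven slots are enumerated explicitly, every
 * access is element 0 of a real array, and unused slots are skipped instead
 * of dereferencing a NULL hr_class. */
long offset_in_bounds(const mclass_t *mc, const hclass_t *hc) {
    const href_t *refs[NREFS] = {
        mc->mc_request, mc->mc_status, mc->mc_separator, mc->mc_payload,
        mc->mc_unknown, mc->mc_error,  mc->mc_multipart };
    size_t i;
    for (i = 0; i < NREFS; i++)
        if (refs[i]->hr_class != NULL && refs[i]->hr_class->hc_hash == hc->hc_hash)
            return (long)refs[i]->hr_offset;
    return -1;
}

/* Constructed sample: seven classes with distinct hashes at offsets 8..56. */
static hclass_t g_classes[NREFS];
static mclass_t g_sample;

static void build_sample(void) {
    static const char *const names[NREFS] = {
        "request", "status", "separator", "payload", "unknown", "error", "multipart" };
    href_t *slots[NREFS] = {
        g_sample.mc_request, g_sample.mc_status, g_sample.mc_separator,
        g_sample.mc_payload, g_sample.mc_unknown, g_sample.mc_error,
        g_sample.mc_multipart };
    size_t i;
    for (i = 0; i < NREFS; i++) {
        g_classes[i].hc_hash = 0x1000u + (unsigned)i;
        g_classes[i].hc_name = names[i];
        slots[i]->hr_class   = &g_classes[i];
        slots[i]->hr_offset  = 8 * (i + 1);
    }
}

/* Offset the in-bounds lookup finds for the payload class (slot 3): 32. */
long payload_offset(void) {
    build_sample();
    return offset_in_bounds(&g_sample, &g_classes[3]);
}

/* A class nobody registered, with one slot left empty: -1, no crash. */
long unregistered_offset(void) {
    hclass_t other = { 0xdeadu, "nobody" };
    build_sample();
    g_sample.mc_multipart[0].hr_class = NULL;
    return offset_in_bounds(&g_sample, &other);
}

int main(void) {
    build_sample();
    printf("in-bounds lookup of payload:     %ld\n",
           offset_in_bounds(&g_sample, &g_classes[3]));
    printf("out-of-bounds lookup of payload: %ld (32 at -O0; undefined, often wrong, at -O2)\n",
           offset_out_of_bounds(&g_sample, &g_classes[3]));
    return 0;
}
```

Build it twice, with `gcc -O0` and with `gcc -O2` on GCC 4.8 or later, and compare the two printed lines; `-fsanitize=undefined` should report the out-of-bounds index at run time, and `-fno-aggressive-loop-optimizations` is the workaround Arsen refers to, which changes the generated code but does not make the loop valid C. The in-bounds version is the same idea as the FreeSWITCH patch in Michael's message, collapsed into a table so the seven slots are listed once.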
Re: [Sofia-sip-devel] strange bug surfaces on Fedora 20 and Mint using SIPTAG_PAYLOAD_STR
Thanks, that looks exactly like the same bug (and fix). Just out of interest, what kind of problem and what platform did you see problems manifest on that led you to make this fix? I haven't looked closely at the FreeSWITCH fixes that haven't been ported back anywhere, but now I think I should. Can you send me a link to a commit history?

Dave

On Apr 24, 2014, at 10:52 AM, Michael Jerris m...@jerris.com wrote:
Re: [Sofia-sip-devel] strange bug surfaces on Fedora 20 and Mint using SIPTAG_PAYLOAD_STR
Looks about right.. i had something very similar from the FreeSWITCH tree: diff --git a/libs/sofia-sip/libsofia-sip-ua/msg/msg_parser.c b/libs/sofia-sip/libsofia-sip-ua/msg/msg_parser.c index d75b975..c312445 100644 --- a/libs/sofia-sip/libsofia-sip-ua/msg/msg_parser.c +++ b/libs/sofia-sip/libsofia-sip-ua/msg/msg_parser.c @@ -2470,8 +2470,6 @@ int msg_header_prepend(msg_t *msg, msg_header_t ** msg_hclass_offset(msg_mclass_t const *mc, msg_pub_t const *mo, msg_hclass_t *hc) { - int i; - assert(mc hc); if (mc == NULL || hc == NULL) 
@@ -2483,12 +2481,16 @@ msg_hclass_offset(msg_mclass_t const *mc, msg_pub_t const *mo, msg_hclass_t *hc) if (mc-mc_hash[j].hr_class == hc) { return (msg_header_t **)((char *)mo + mc-mc_hash[j].hr_offset); } - } - else + } else { /* Header has no name. */ -for (i = 0; i = 6; i++) - if (hc-hc_hash == mc-mc_request[i].hr_class-hc_hash) - return (msg_header_t **)((char *)mo + mc-mc_request[i].hr_offset); +if (hc-hc_hash == mc-mc_request[0].hr_class-hc_hash) return (msg_header_t **)((char *)mo + mc-mc_request[0].hr_offset); +if (hc-hc_hash == mc-mc_status[0].hr_class-hc_hash) return (msg_header_t **)((char *)mo + mc-mc_status[0].hr_offset); +if (hc-hc_hash == mc-mc_separator[0].hr_class-hc_hash) return (msg_header_t **)((char *)mo + mc-mc_separator[0].hr_offset); +if (hc-hc_hash == mc-mc_payload[0].hr_class-hc_hash) return (msg_header_t **)((char *)mo + mc-mc_payload[0].hr_offset); +if (hc-hc_hash == mc-mc_unknown[0].hr_class-hc_hash) return (msg_header_t **)((char *)mo + mc-mc_unknown[0].hr_offset); +if (hc-hc_hash == mc-mc_error[0].hr_class-hc_hash) return (msg_header_t **)((char *)mo + mc-mc_error[0].hr_offset); +if (hc-hc_hash == mc-mc_multipart[0].hr_class-hc_hash) return (msg_header_t **)((char *)mo + mc-mc_multipart[0].hr_offset); + } return NULL; }

On Apr 24, 2014, at 10:26 AM, Dave Horton d...@dchorton.com wrote:
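Review bot: dropping `assert(mc && hc);` in the first hunk (at -2470) changes debug-build behaviour for reasons unrelated to the loop fix: a NULL `mc` or `hc` previously aborted a debug build and now silently takes the `if (mc == NULL || hc == NULL)` path. That is defensible since the runtime check stays, but it should either be left out of this patch to keep it minimal or be called out in the commit message.

Review bot: the seven explicit comparisons in the second hunk (at -2483) still dereference `hr_class` unconditionally (`mc->mc_payload[0].hr_class->hc_hash` and the other six), so a class table with an unset slot crashes here, and they match on `hc_hash` while the named-header branch just above matches on identity (`mc->mc_hash[j].hr_class == hc`). Neither is a regression, since the removed loop did both, but `if (mc->mc_payload->hr_class == hc)` would be consistent with the branch above and cannot fault on an empty slot. The replacement itself is right: the removed `for (i = 0; i <= 6; i++)` indexed `mc_request[i]` on a one-element array, which is undefined behaviour, and the compiler may assume `i` never exceeds 0. A small table such as `msg_href_t const *refs[] = { mc->mc_request, mc->mc_status, mc->mc_separator, mc->mc_payload, mc->mc_unknown, mc->mc_error, mc->mc_multipart };` looped over `sizeof refs / sizeof refs[0]` would say the same in four short lines instead of seven long one-liners and would keep the member list in one place.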
Re: [Sofia-sip-devel] strange bug surfaces on Fedora 20 and Mint using SIPTAG_PAYLOAD_STR
Our full history is: http://fisheye.freeswitch.org/changelog/FreeSWITCH/libs/sofia-sip?max=30&view=fe or just pull directly from the FreeSWITCH git tree. The issue is, some of our fixes change behavior statically instead of having a tag to change behavior, so all the patches may not be appropriate. It's on my list to start moving the good patches back into the sofia-sip tree, but I never seem to find the time. That being said, if you want to put some time into that, I'd be happy to do the actual pushes to the gitorious tree, just let me know.

Mike

On Apr 24, 2014, at 10:56 AM, Dave Horton d...@dchorton.com wrote:
Re: [Sofia-sip-devel] strange bug surfaces on Fedora 20 and Mint using SIPTAG_PAYLOAD_STR
Interestingly, I ran into the same problem earlier this week trying out my application on Ubuntu 13. The root cause of the problem is in the gcc version, more specifically 4.8 and probably above, which introduces aggressive loop optimization techniques. Searching the net, you may find many other applications affected by the same gcc improvement. This problem can be circumvented by disabling loop optimizations via the new gcc options. However, it'd be better to fix the code as has been done in FreeSWITCH.

Arsen
www.unimrcp.org

On Thursday, April 24, 2014 8:32 AM, Michael Jerris m...@jerris.com wrote:
Re: [Sofia-sip-devel] strange bug surfaces on Fedora 20 and Mint using SIPTAG_PAYLOAD_STR
Yes, I have made the fix in my github repo and am also in the process of reviewing and back-porting some FreeSWITCH fixes: https://github.com/davehorton/sofia-sip/commits/master

On Apr 24, 2014, at 12:08 PM, Arsen Chaloyan achalo...@yahoo.com wrote: