Dan,
Yes, good observation that the c pointer is invalid - but it is not because
of an overflow; it rather seems that the msg->contact->parsed (where
the "c" is read from) was populated with a pkg pointer in a different
process.
Regards
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
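The failure mode Bogdan describes (a per-process heap pointer stored into a structure that other worker processes read) can be reproduced and guarded against in a few lines. The following is an added example and is not OpenSIPS code: the `shared_rec` structure, the arena helpers and the `ptr_in_shm` check are made-up names, and the arena stands in for the real shared-memory allocator. It forks a writer that stores both a private-heap pointer and a properly shared copy; the reader validates each pointer against the arena bounds before touching it.

```c
/* Added example, not OpenSIPS code. Models the cross-process pointer bug from
 * the thread: a pointer into one worker's private heap ("pkg"-style memory)
 * is written into a record that lives in memory shared between workers, so
 * another process sees an address that is meaningless in its own address
 * space. Names below are hypothetical. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS            /* strict-ISO builds hide this Linux flag */
#define MAP_ANONYMOUS 0x20
#endif

#define SHM_SIZE 4096

/* Hypothetical shared record: one worker fills it, another reads it. */
struct shared_rec {
    char *parsed_private;   /* wrongly stored pointer into the writer's own heap */
    char *parsed_shared;    /* pointer to a copy placed inside the shared arena */
};

static char *shm_base;      /* start of the shared arena (same address in all workers) */
static size_t shm_used;     /* bump-allocator cursor (private to each process) */

/* Create a MAP_SHARED anonymous arena; after fork() both processes see it. */
static int shm_init(void) {
    shm_base = mmap(NULL, SHM_SIZE, PROT_READ | PROT_WRITE,
                    MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (shm_base == MAP_FAILED) return -1;
    shm_used = 0;
    return 0;
}

/* Minimal bump allocator carving space out of the shared arena. */
static void *shm_alloc(size_t n) {
    if (shm_used + n > SHM_SIZE) return NULL;
    void *p = shm_base + shm_used;
    shm_used += n;
    return p;
}

/* True only if p lies inside the shared arena; heap or stack pointers fail. */
int ptr_in_shm(const void *p) {
    const char *c = p;
    return c != NULL && c >= shm_base && c < shm_base + SHM_SIZE;
}

/* Runs the two-process scenario. Returns 0 if the reader rejected the private
 * pointer and accepted the shared one with the expected contents; a non-zero
 * code identifies which check failed. */
int demo_cross_process_pointer(void) {
    if (shm_init() != 0) return -1;
    struct shared_rec *rec = shm_alloc(sizeof *rec);   /* carved before fork */
    memset(rec, 0, sizeof *rec);

    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) {
        /* Writer: the mistake is publishing a pointer into private memory... */
        char *priv = malloc(16);
        strcpy(priv, "BYE ol");
        rec->parsed_private = priv;
        /* ...the correct pattern copies the data into the shared arena. */
        char *shared = shm_alloc(16);
        strcpy(shared, "BYE ol");
        rec->parsed_shared = shared;
        _exit(0);
    }
    int status;
    waitpid(pid, &status, 0);

    /* Reader: validate every pointer taken from the record before use. */
    if (ptr_in_shm(rec->parsed_private)) return 1;    /* must be rejected */
    if (!ptr_in_shm(rec->parsed_shared)) return 2;    /* must be accepted */
    if (strcmp(rec->parsed_shared, "BYE ol") != 0) return 3;
    return 0;
}

int main(void) {
    int rc = demo_cross_process_pointer();
    printf("cross-process pointer check: %s (rc=%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```

The reader never dereferences `parsed_private`, which is the point: a bounds check against the shared region is cheap and turns a random crash in an unrelated worker into a deterministic, loggable rejection at the place the bad pointer is consumed.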
Hi Ben,
Thanks for "another" report :).
Questions:
1) do you do any async for the INVITE in this crash?
2) if it is a YES to (1), is the caller party generating the "503
Service Unavailable" (which triggers the crash) - 10.32.20.60 ?? - a
really close (from net delay perspective) and fast
Looks like a buffer overflow. That c variable in the first frame should be a
memory address, but instead it contains "lo EYB", which I guess is "BYE ol" on
little endian machines. Looks like some parsed part of the message spilled over
and overwrote memory pointers.
On 5 Jun 2019, at 22:02, Ben
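Dan's reading of "lo EYB" as the bytes "BYE ol" seen through a little-endian word is a standard crash-triage trick, and it is worth having as a small tool rather than doing it by eye. The block below is an added example, not code from the thread or from OpenSIPS: `text_to_word`, `word_to_text` and `word_hex_as_text` are made-up helper names. Given a pointer-sized value pulled from a debugger, it reports whether the value is really ASCII text (and what the text is), or looks like an actual address.

```c
/* Added example, not from the thread or OpenSIPS. Crash-triage helpers for a
 * pointer-sized value that might really be text that overwrote the pointer.
 * Byte order is handled explicitly (LSB = first byte in memory), matching the
 * little-endian case discussed in the thread. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Build the word that the first (up to 8) bytes of s occupy in memory on a
 * little-endian machine: byte i of the string lands in bits 8*i..8*i+7. */
uint64_t text_to_word(const char *s) {
    uint64_t w = 0;
    for (size_t i = 0; i < 8 && s[i] != '\0'; i++)
        w |= (uint64_t)(unsigned char)s[i] << (8 * i);
    return w;
}

/* Decode a word in memory order. Returns the number of printable bytes before
 * the first NUL, or 0 (empty out) as soon as a non-printable byte appears,
 * i.e. when the value looks like a genuine pointer rather than text. */
size_t word_to_text(uint64_t w, char out[9]) {
    size_t n = 0;
    for (size_t i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)(w >> (8 * i));
        if (b == 0) break;
        if (!isprint(b)) { out[0] = '\0'; return 0; }
        out[n++] = (char)b;
    }
    out[n] = '\0';
    return n;
}

/* Decode the same word the way it reads in a hex dump of the value: most
 * significant byte first, leading zero bytes skipped. For text that spilled
 * into a pointer this yields the reversed string ("lo EYB" for "BYE ol"). */
size_t word_hex_as_text(uint64_t w, char out[9]) {
    size_t n = 0;
    for (int i = 7; i >= 0; i--) {
        unsigned char b = (unsigned char)(w >> (8 * i));
        if (b == 0 && n == 0) continue;          /* leading zero byte */
        if (!isprint(b)) { out[0] = '\0'; return 0; }
        out[n++] = (char)b;
    }
    out[n] = '\0';
    return n;
}

int main(void) {
    char buf[9];
    uint64_t w = text_to_word("BYE ol");          /* constructed sample value */
    printf("value as printed by a debugger: 0x%llx\n", (unsigned long long)w);
    if (word_hex_as_text(w, buf)) printf("read MSB-first: \"%s\"\n", buf);
    if (word_to_text(w, buf))     printf("bytes in memory: \"%s\"\n", buf);
    /* A plausible real user-space pointer decodes to nothing. */
    if (word_to_text(0x00007f3a12345678ULL, buf) == 0)
        printf("0x7f3a12345678 looks like an address, not text\n");
    return 0;
}
```

The useful signal is the contrast: a real pointer almost always contains a non-printable byte within its first few bytes, while a pointer field that has been overwritten by message text decodes cleanly, which is what distinguishes "parsed data spilled over a pointer" from "pointer to memory that is unmapped in this process".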