#300 Segfault in codecs.c in r6844

1.6.x
closed-fixed
modules (454)
8
2010-07-14
2010-07-12
Thomas Gelf
No

Full coredump sent to Bogdan; here is the short/masked one:

#0 stream_process (cell=0x81b3e8, pos=<value optimized out>, s=0x79ba38, ss=0x0, re=0x0, op=0, description=0) at codecs.c:278
#1 0x00007f8195e5f2f4 in do_for_all_streams (msg=0x7f8196ac5140, str1=0x79ba38, str2=0x0, re=0x0, op=0, desc=0,
f=0x7f8195e5e860 <stream_process>) at codecs.c:196
#2 0x00007f8195e5f72e in codec_find (msg=0x37d, str1=0x2a <Address 0x2a out of bounds>) at codecs.c:480
#3 0x000000000040f852 in do_action (a=0x79c338, msg=0x7f8196ac5140) at action.c:967
#4 0x000000000040e7bb in run_action_list (a=<value optimized out>, msg=0x7f8196ac5140) at action.c:139
#5 0x0000000000450244 in eval_elem (e=0x79c410, msg=0x7f8196ac5140, val=0x3a7) at route.c:1240
#6 0x00000000004518e5 in eval_expr (e=0x37d, msg=0x7f8196ac5140, val=0x0) at route.c:1540
#7 0x00000000004518b9 in eval_expr (e=0x79c460, msg=0x7f8196ac5140, val=0x0) at route.c:1561
#8 0x000000000040fc6f in do_action (a=0x79c6b8, msg=0x7f8196ac5140) at action.c:689
#9 0x000000000040e7bb in run_action_list (a=<value optimized out>, msg=0x7f8196ac5140) at action.c:139
#10 0x0000000000410fad in do_action (a=0x7a56c8, msg=0x7f8196ac5140) at action.c:119
#11 0x000000000040e7bb in run_action_list (a=<value optimized out>, msg=0x7f8196ac5140) at action.c:139
#12 0x0000000000411366 in do_action (a=0x7a5898, msg=0x7f8196ac5140) at action.c:706
#13 0x000000000040e7bb in run_action_list (a=<value optimized out>, msg=0x7f8196ac5140) at action.c:139
#14 0x00000000004121f0 in run_top_route (a=0x7a2c20, msg=0x7f8196ac5140) at action.c:119
#15 0x00007f819689eb80 in pre_print_uac_request (t=0x7f818c0cf170, branch=1, request=0x7f8196ac5140) at t_fwd.c:150
#16 0x00007f819689ff6a in add_uac (t=0x37d, request=0x7f8196ac5140, uri=0x7fff35173f10, next_hop=0x7fff35173f20, path=0x0,
proxy=<value optimized out>) at t_fwd.c:400
#17 0x00007f81968a08b4 in t_forward_nonack (t=0x7f818c0cf170, p_msg=0x7f8196ac5140, proxy=0x0) at t_fwd.c:645
#18 0x00007f81968a976f in w_t_relay (p_msg=0x7f8196ac5140, proxy=0x0, flags=0x0) at tm.c:1101
#19 0x000000000040f852 in do_action (a=0x7ac3a0, msg=0x7f8196ac5140) at action.c:967
#20 0x000000000040e7bb in run_action_list (a=<value optimized out>, msg=0x7f8196ac5140) at action.c:139
#21 0x0000000000411366 in do_action (a=0x7ac5e8, msg=0x7f8196ac5140) at action.c:706
#22 0x000000000040e7bb in run_action_list (a=<value optimized out>, msg=0x7f8196ac5140) at action.c:139
#23 0x00000000004121f0 in run_top_route (a=0x7aaaf0, msg=0x7f8196ac5140) at action.c:119
#24 0x00007f81968b329a in t_should_relay_response (Trans=0x7f818c0cf170, new_code=<value optimized out>, branch=0, should_store=0x7fff35174948,
should_relay=0x7fff3517494c, cancel_bitmap=0x7fff35174a18, reply=0x7d39b8) at t_reply.c:612
#25 0x00007f81968b3879 in relay_reply (t=0x37d, p_msg=0x7d39b8, branch=0, msg_status=407, cancel_bitmap=0x7fff35174a18) at t_reply.c:1124
#26 0x00007f81968b48af in reply_received (p_msg=0x7d39b8) at t_reply.c:1493
#27 0x000000000041da10 in forward_reply (msg=0x7d39b8) at forward.c:559
#28 0x0000000000445688 in receive_msg (
buf=0x70f340 "SIP/2.0 407 Proxy Authentication Required\r\nVia: SIP/2.0/UDP 4.3.2.1;branch=z9hG4bK8674.deff2d31.0\r\nVia: SIP/2.0/UDP 1.2.3.4:5060;rport=5060;received=1.2.3.4;branch=z9hG4bK18F2E08"..., len=798, rcv_info=0x7fff35174b20) at receive.c:200
#29 0x000000000047666c in udp_rcv_loop () at udp_server.c:492
#30 0x000000000042370e in main (argc=<value optimized out>, argv=0x7fff35174cf8) at main.c:818

I'm seeing similar ones appearing sporadically and can offer access to similar-looking corefiles (with different traces; it also happens, for example, for fake_reply called by timer_routine, and it always occurs in stream_process).

Cheers,
Thomas Gelf

Discussion

    • priority: 5 --> 8
    • assigned_to: nobody --> bogdan_iancu
    • status: open --> open-fixed

  • Thomas, there is a fix available on SVN trunk only - still in testing - see rev 7016 + 7018.

    If you could test it and report back, it would help me a lot.

    Thanks & Regards,
    Bogdan

    • status: open-fixed --> closed-fixed