Bugs item #2921180, was opened at 2009-12-25 20:43
Message generated for change (Comment added) made by kriborgen
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=2921180&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: core
Group: 1.6.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Kristian Borgen (kriborgen)
Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: 1.6.1 crash at free_params

Initial Comment:
One out of five times opensips crashes after cancelling an invite, always at free_contenttype -> free_params, with dbg msg "DBG:tm:clean_msg_clone: removing hdr->parsed 12".

----------------------------------------------------------------------

>Comment By: Kristian Borgen (kriborgen)
Date: 2009-12-29 19:52

Message:
Don't know if there is a reason to copy content_type->parsed in sip_msg_cloner, but removing it solves this issue. Patch to possible fix is uploaded, incl typo fix.

----------------------------------------------------------------------

Comment By: Kristian Borgen (kriborgen)
Date: 2009-12-29 17:39

Message:
I call nat_uac_test and has_body from request route. Core output without optimization is attached. If you want the full core dump, please tell me where to upload it; I can't get it below 256k so it can be uploaded here.

----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2009-12-29 16:40

Message:
Hi Kristian,

Where do you call (for request) the nathelper and textops functions that trigger the parsing of the content-type hdr? In request route? Branch route? Failure?

I'm trying to reproduce this to get to the bottom of it. BTW, any chance to get access to the core file to inspect it?

Regards,
Bogdan

----------------------------------------------------------------------

Comment By: Kristian Borgen (kriborgen)
Date: 2009-12-29 01:02

Message:
I think I found the problem: in my case nathelper and textops functions parse the body and set msg->content_type->parsed, which points outside the uas.request memory chunk as it always has, but in 1.6.1 someone has added HDR_CONTENTTYPE_T to hdr_allocs_parse and clean_msg_clone now tries to free this memory, where param->next sometimes has an illegal pointer.

----------------------------------------------------------------------

Comment By: Kristian Borgen (kriborgen)
Date: 2009-12-27 11:25

Message:
Sorry for not being too clear. I use the 1.6.1-notls release running on Debian etch, and my client is a snom 190 if it is of any difference. I did some more debugging and noticed that the crash only happens when msg->multi is set when reaching clean_msg_clone; if I add a check for msg->multi && hdr->type == 12 and don't call clean_hdr_field if true, then I don't see any crashes.

----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2009-12-27 10:38

Message:
What opensips revision are you using?

Regards,
Bogdan

----------------------------------------------------------------------
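
A minimal C model of the ownership problem discussed in this thread, added here as an illustration and not taken from OpenSIPS or from the uploaded patch: a clone that carries the original's `parsed` pointer makes the clone cleanup release a parameter list it does not own. All names (`param_new`, `free_params` as written here, `run`, the fixed pool) are hypothetical, and the order of the two cleanups is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model with hypothetical names; not OpenSIPS source code. */
struct param { const char *name; struct param *next; };
struct hdr   { int type; struct param *parsed; };

/* Fixed pool with liveness flags, so a stale free is counted, not executed. */
#define POOL 8
static struct param pool[POOL];
static int live[POOL], stale_frees;

static struct param *param_new(const char *name, struct param *next) {
    for (int i = 0; i < POOL; i++) {
        if (live[i]) continue;
        live[i] = 1;
        pool[i] = (struct param){ name, next };
        return &pool[i];
    }
    return NULL;
}

/* Release a parameter list; stop at the first node that is no longer live. */
static void free_params(struct param *p) {
    while (p) {
        struct param *next = p->next;
        if (!live[p - pool]) { stale_frees++; return; }
        live[p - pool] = 0;
        p = next;
    }
}

/* Returns the number of stale frees seen when both owner and clone clean up.
 * copy_parsed=1: the clone carries the original's parsed pointer (shallow copy).
 * copy_parsed=0: the clone starts unparsed, as in the fix proposed in the thread. */
int run(int copy_parsed) {
    memset(live, 0, sizeof live);
    stale_frees = 0;
    /* 12 is the header type shown in the debug message (constructed sample data) */
    struct hdr orig  = { 12, param_new("charset", param_new("boundary", NULL)) };
    struct hdr clone = { orig.type, copy_parsed ? orig.parsed : NULL };
    free_params(orig.parsed);   /* owner releases its parse result */
    free_params(clone.parsed);  /* clone cleanup frees by header type */
    return stale_frees;
}

int main(void) {
    printf("shallow copy: %d stale free(s), no copy: %d\n", run(1), run(0));
    return 0;
}
```

With a real allocator the stale free would walk `next` pointers in memory that may already have been reused, which matches the intermittent illegal `param->next` reported above.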
