Just a quick update here: I've been debugging most of the day and believe I've
found something.
```
--- a/modules/presence/notify.c
+++ b/modules/presence/notify.c
@@ -1226,9 +1226,9 @@ str* get_p_notify_body(str pres_uri, pres_ev_t* event,
str* etag, str* publ_body
if(row_vals[extra_hdrs_col].val.string_val!=
NULL)
{
- if (extra_hdrs && !extra_hdrs->s)
+ len =
strlen(row_vals[extra_hdrs_col].val.string_val);
+ if (len > 0 && extra_hdrs &&
!extra_hdrs->s)
{
- len =
strlen(row_vals[extra_hdrs_col].val.string_val);
```
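Review bot: with `len > 0` now guarding the branch, an empty `extra_hdrs` column value leaves `extra_hdrs->s` unset, and nothing in this hunk shows how `extra_hdrs` is consumed afterwards, so confirm that every later use in `get_p_notify_body` treats an unset `extra_hdrs` as "no extra headers" rather than as a failed allocation. Separately, `strlen(row_vals[extra_hdrs_col].val.string_val)` is now evaluated before the `extra_hdrs && !extra_hdrs->s` test, so the scan runs even when its result is discarded; computing `len` inside an `if (extra_hdrs && !extra_hdrs->s)` block and testing `len > 0` only before the allocation keeps the fix without the extra work. The accompanying comment says the same pattern appears three times in this function, so the same guard belongs at the other two sites in the same change.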
This occurs 3 times (on release 1.10.0, as well as master) in the
`get_p_notify_body` function. I've been working under the assumption that mallocs of size 0
eventually lead to weirdness, and this code was another example where a
`pkg_malloc` of size 0 could occur.
Should a malloc of size 0 be safe? This is not the first set of crashes I've
*hopefully* fixed by preventing a malloc of size 0 (the last time around seems
to have gone well, we'll see about this one), although the other fix was in a
custom module.
---
Reply to this email directly or view it on GitHub:
https://github.com/OpenSIPS/opensips/issues/721#issuecomment-193989081

_______________________________________________
Devel mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
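To make the question above concrete, here is an added example that is not from OpenSIPS or from the poster: it contrasts the pre-patch shape (allocate whatever `strlen()` says, including zero bytes) with the post-patch shape (measure first, allocate only when there is something to copy). The `str` type is reduced to the two fields used, `tracked_malloc` stands in for `pkg_malloc` so the requested size can be observed, and the header value is constructed for the example; none of this is the module's real code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: a cut-down version of the OpenSIPS str type, two fields only. */
typedef struct { char *s; int len; } str;

/* Instrumented allocator standing in for pkg_malloc (assumption: for this
 * example pkg_malloc behaves like malloc). It records the size of the last
 * request so the two copy routines below can be compared. */
static size_t last_alloc_size;
static int alloc_calls;

static void *tracked_malloc(size_t n)
{
    last_alloc_size = n;
    alloc_calls++;
    return malloc(n);
}

void reset_alloc_stats(void) { last_alloc_size = 0; alloc_calls = 0; }
int alloc_call_count(void) { return alloc_calls; }
size_t last_alloc_request(void) { return last_alloc_size; }
void free_str(str *v) { free(v->s); v->s = NULL; v->len = 0; }

/* Pre-patch shape: copy whatever the column holds, so an empty string turns
 * into a zero-byte allocation. C leaves malloc(0) implementation-defined
 * (NULL or a unique pointer that must not be dereferenced), so the caller
 * cannot tell "empty value" from "out of memory" and must never write into
 * the returned buffer. */
int copy_extra_hdrs_unguarded(const char *src, str *dst)
{
    size_t len = strlen(src);
    dst->len = 0;
    dst->s = tracked_malloc(len);          /* len may be 0 here */
    if (dst->s == NULL)
        return -1;                         /* failure or malloc(0)? unknown */
    memcpy(dst->s, src, len);
    dst->len = (int)len;
    return 0;
}

/* Post-patch shape: measure first and skip the allocator when len == 0.
 * An empty or missing value leaves dst as {NULL, 0}; the caller has to
 * treat that as "no extra headers", not as an error. */
int copy_extra_hdrs_guarded(const char *src, str *dst)
{
    size_t len;
    dst->s = NULL;
    dst->len = 0;
    if (src == NULL)
        return 0;
    len = strlen(src);
    if (len == 0)
        return 0;                          /* the guard the patch adds */
    dst->s = tracked_malloc(len);
    if (dst->s == NULL)
        return -1;                         /* now a real allocation failure */
    memcpy(dst->s, src, len);
    dst->len = (int)len;
    return 0;
}

/* The three observations a reviewer would want to check. */
int unguarded_requests_zero_bytes(void)
{
    str h;
    reset_alloc_stats();
    copy_extra_hdrs_unguarded("", &h);
    free_str(&h);
    return alloc_call_count() == 1 && last_alloc_request() == 0;
}

int guarded_skips_allocation(void)
{
    str h;
    reset_alloc_stats();
    int rc = copy_extra_hdrs_guarded("", &h);
    return rc == 0 && alloc_call_count() == 0 && h.s == NULL && h.len == 0;
}

int guarded_copies_nonempty(void)
{
    /* Constructed sample header value, not taken from any real subscription. */
    static const char sample[] = "P-Foo: bar\r\n";
    str h;
    int ok;
    reset_alloc_stats();
    ok = copy_extra_hdrs_guarded(sample, &h) == 0
      && alloc_call_count() == 1 && last_alloc_request() == 12
      && h.len == 12 && memcmp(h.s, sample, 12) == 0;
    free_str(&h);
    return ok;
}

int main(void)
{
    printf("unguarded asks for 0 bytes on empty input: %d\n", unguarded_requests_zero_bytes());
    printf("guarded never calls the allocator on empty input: %d\n", guarded_skips_allocation());
    printf("guarded copies a non-empty value intact: %d\n", guarded_copies_nonempty());
    return 0;
}
```

The instrumented allocator is what makes the difference visible: on glibc `malloc(0)` returns a non-NULL pointer, so the unguarded version "succeeds" while still having made a request that nothing may safely write into, which is why the size check has to happen before the call rather than on its result.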