Module: kamailio
Branch: master
Commit: 491e19eb47384162cba64fd9f043e77574ce5017
URL:
https://github.com/kamailio/kamailio/commit/491e19eb47384162cba64fd9f043e77574ce5017
Author: Daniel-Constantin Mierla
Committer: Daniel-Constantin Mierla
Date: 2018-09-21T12:51:08+02:00
tls: update to
Seems it crashes when receiving register request like this:
REGISTER sip:1.2.3.4:5060 SIP/2.0
Via: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK724588683
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
quite sure I found it !
```
/**
* Initialize the relative weight distribution for a destination set
* - fill the array of 0..99 elements where to keep the index of the
* destination address to be used. The Nth call will use
* the address with the index at possition N%100
*/
int
Re run the code in isolation using the inputs present
```
~/git/examples$ valgrind ./bin/shuffle
==5245== Memcheck, a memory error detector
==5245== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==5245== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
shuffle_uint100array looks good, seems like the corruption took place before
the lock was released since the int was set back to 0, hmm, still thinking ...
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Syncronization problem where we read a value twice that could change in
between.
I even found 48 offset in this case !
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Reopened #1420.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1420#event-1860729299___
Kamailio (SER) - Development Mailing List
The lock was set to 0 else it would have been 48 times 2
```
/* if the array was not completely filled (i.e., the sum of rweights is
* less than 100 due to truncated), then use last address to fill the rest */
unsigned int last_insert =
t > 0 ? dset->rwlist[t - 1] : (unsigned
### Description
Segfault , suspected cause, writing out of bound of an array
### Troubleshooting
In progress
Reproduction
Hard
Debugging Data
```
/* code reference */
typedef struct _ds_set {
int id; /*!< id of dst set */
int nr; /*!< number of items in
more precisely, looks like 5 x ints with value 2 where written out of bound
2,1,2,1,1,0
2 1 2 1 1 0 20
overflow
```
(gdb) p (int)*(0x7f3a99a09fc8 + sizeof(struct _ds_set) - sizeof(unsigned
int)*1)
$53 = 0
(gdb) p (int)*(0x7f3a99a09fc8 + sizeof(struct _ds_set) -
10 matches
Mail list logo