[sr-dev] git:master:491e19eb: tls: update to default session id value to reflect major version

Module: kamailio Branch: master Commit: 491e19eb47384162cba64fd9f043e77574ce5017 URL: https://github.com/kamailio/kamailio/commit/491e19eb47384162cba64fd9f043e77574ce5017 Author: Daniel-Constantin Mierla Committer: Daniel-Constantin Mierla Date: 2018-09-21T12:51:08+02:00 tls: update to

Re: [sr-dev] [kamailio/kamailio] Crash on receiving incorrect REGISTER request? (#1420)

Seems it crashes when receiving register request like this: REGISTER sip:1.2.3.4:5060 SIP/2.0 Via: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK724588683 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [sr-dev] [kamailio/kamailio] dispatcher algorithm 11 with congestion control memory corruption problem (#1649)

quite sure I found it ! ``` /** * Initialize the relative weight distribution for a destination set * - fill the array of 0..99 elements where to keep the index of the * destination address to be used. The Nth call will use * the address with the index at possition N%100 */ int

Re: [sr-dev] [kamailio/kamailio] dispatcher algorithm 11 with congestion control memory corruption problem (#1649)

Re run the code in isolation using the inputs present ``` ~/git/examples$ valgrind ./bin/shuffle ==5245== Memcheck, a memory error detector ==5245== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==5245== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info

Re: [sr-dev] [kamailio/kamailio] dispatcher algorithm 11 with congestion control memory corruption problem (#1649)

shuffle_uint100array looks good, seems like the corruption took place before the lock was released since the int was set back to 0, hmm, still thinking ... -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [sr-dev] [kamailio/kamailio] dispatcher algorithm 11 with congestion control memory corruption problem (#1649)

Syncronization problem where we read a value twice that could change in between. I even found 48 offset in this case ! -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [sr-dev] [kamailio/kamailio] Crash on receiving incorrect REGISTER request? (#1420)

Reopened #1420. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/1420#event-1860729299___ Kamailio (SER) - Development Mailing List

Re: [sr-dev] [kamailio/kamailio] dispatcher algorithm 11 with congestion control memory corruption problem (#1649)

The lock was set to 0 else it would have been 48 times 2 ``` /* if the array was not completely filled (i.e., the sum of rweights is * less than 100 due to truncated), then use last address to fill the rest */ unsigned int last_insert = t > 0 ? dset->rwlist[t - 1] : (unsigned

[sr-dev] [kamailio/kamailio] dispatcher algorithm 11 with congestion control memory corruption problem (#1649)

### Description Segfault , suspected cause, writing out of bound of an array ### Troubleshooting In progress Reproduction Hard Debugging Data ``` /* code reference */ typedef struct _ds_set { int id; /*!< id of dst set */ int nr; /*!< number of items in

Re: [sr-dev] [kamailio/kamailio] dispatcher algorithm 11 with congestion control memory corruption problem (#1649)

more precisely, looks like 5 x ints with value 2 where written out of bound 2,1,2,1,1,0 2 1 2 1 1 0 20 overflow ``` (gdb) p (int)*(0x7f3a99a09fc8 + sizeof(struct _ds_set) - sizeof(unsigned int)*1) $53 = 0 (gdb) p (int)*(0x7f3a99a09fc8 + sizeof(struct _ds_set) -