Bugs item #2041747, was opened at 2008-08-07 14:19
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=756076&aid=2041747&group_id=143636
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Stefano Sabatini (stesaba)
Assigned to: Nobody/Anonymous (nobody)
Summary: SIPTAG_ORGANIZATION_TAG_STR crash
Initial Comment:
Hi dear libsofia devs,
this bug seems related to the use of the SIPTAG_ORGANIZATION_STR() in
nua_invite(), after the incoming BYE it crashes.
This is what gdb tells:
nua: nua_application_event: entering
Arrived event number 6
I have received the event nua_i_active with status 200: Call active
tport_wakeup_pri(0x804d778): events IN
tport_recv_event(0x804d778)
tport_recv_iovec(0x804d778) msg 0x8053cd8 from (udp/10.88.3.67:5060) has 391
bytes, veclen = 1
tport_deliver(0x804d778): msg 0x8053cd8 (391 bytes) from
udp/10.88.3.204:5060/sip next=(nil)
nta: received BYE sip:10.xx.x.67 SIP/2.0 (CSeq 708415049)
nta: canonizing sip:10.xx.x.67 with contact
nta: BYE (708415049) going to existing leg
nua: nua_stack_process_request: entering
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7b54b90 (LWP 31017)]
0xb7edd771 in msg_hclass_offset (mc=0xb7fd1f80, mo=0x8054ac4, hc=0x75706552) at
msg_parser.c:2475
(gdb) bt
#0 0xb7edd771 in msg_hclass_offset (mc=0xb7fd1f80, mo=0x8054ac4,
hc=0x75706552) at msg_parser.c:2475
#1 0xb7edda6c in msg_header_add_dup (msg=0x8054a28, pub=0x8054ac4,
src=0x804f0e0) at msg_parser.c:2567
#2 0xb7f45dee in sip_add_dup (msg=0x8054a28, sip=0x8054ac4, o=0x804f0e0) at
sip_header.c:119
#3 0xb7f18e1a in nua_server_respond (sr=0xb7b53d68, tags=0x0) at
nua_stack.c:1718
#4 0xb7f185d5 in nua_stack_process_request (nh=0x804ef08, leg=0x804d940,
irq=0x80543f8, sip=0x8053d74) at nua_stack.c:1459
#5 0xb7efcbd1 in incoming_callback (leg=0x804d940, irq=0x80543f8,
sip=0x8053d74) at nta.c:4857
#6 0xb7efb220 in leg_recv (leg=0x804d940, msg=0x8053cd8, sip=0x8053d74,
tport=0x804d778) at nta.c:4174
#7 0xb7ef5c3a in agent_recv_request (agent=0x804c308, msg=0x8053cd8,
sip=0x8053d74, tport=0x804d778) at nta.c:2463
#8 0xb7ef4776 in agent_recv_message (agent=0x804c308, tport=0x804d778,
msg=0x8053cd8, tport_via=0x804ea80, now={tv_sec = 3427107229, tv_usec =
100484}) at nta.c:2244
#9 0xb7f879fa in tport_base_deliver (self=0x804d778, msg=0x8053cd8,
now={tv_sec = 3427107229, tv_usec = 100484}) at tport.c:3013
#10 0xb7f8798d in tport_deliver (self=0x804d778, msg=0x8053cd8, next=0x0,
sc=0x0, now={tv_sec = 3427107229, tv_usec = 100484}) at tport.c:3002
#11 0xb7f874a8 in tport_parse (self=0x804d778, complete=1, now={tv_sec =
3427107229, tv_usec = 100484}) at tport.c:2919
#12 0xb7f87178 in tport_recv_event (self=0x804d778) at tport.c:2861
#13 0xb7f86deb in tport_base_wakeup (self=0x804d778, events=1) at tport.c:2763
#14 0xb7f86b81 in tport_wakeup_pri (m=0x804b4b8, w=0x804baa0, self=0x804d778)
at tport.c:2726
#15 0xb7f76331 in su_epoll_port_wait_events (self=0x804b790, tout=1000) at
su_epoll_port.c:506
#16 0xb7f72d6b in su_base_port_run (self=0x804b790) at su_base_port.c:342
#17 0xb7f6fc69 in su_port_run (self=0x804b790) at su_port.h:310
#18 0xb7f6fc46 in su_root_run (self=0x804bc18) at su_root.c:689
#19 0xb7f73841 in su_pthread_port_clone_main (varg=0xbf959eec) at
su_pthread_port.c:321
#20 0xb7b754fb in start_thread () from /lib/i686/cmov/libpthread.so.0
#21 0xb7df7d7e in clone () from /lib/i686/cmov/libc.so.6
(gdb) f 0
#0 0xb7edd771 in msg_hclass_offset (mc=0xb7fd1f80, mo=0x8054ac4,
hc=0x75706552) at msg_parser.c:2475
(gdb) p *mc->mc_hash_size
Cannot access memory at address 0x7f
(gdb) p mc->mc_hash_size
$14 = 127
(gdb) p hc
$15 = (const struct msg_hclass_s *) 0x75706552
(gdb) p *hc
Cannot access memory at address 0x75706552
If I put the same TAG in nua_create then the application crashes immediately.
I'm attaching the simple application which reproduces the issue.
Regards.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=756076&aid=2041747&group_id=143636
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Sofia-sip-devel mailing list
Sofia-sip-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sofia-sip-devel
