Bugs item #2041747, was opened at 2008-08-07 17:19
Message generated for change (Comment added) made by ppessi
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=756076&aid=2041747&group_id=143636

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Stefano Sabatini (stesaba)
Assigned to: Nobody/Anonymous (nobody)
Summary: SIPTAG_ORGANIZATION_TAG_STR crash

Initial Comment:
Hi dear libsofia devs,

This bug seems related to the use of SIPTAG_ORGANIZATION_STR() in 
nua_invite(): after the incoming BYE it crashes.

This is what gdb says:

nua: nua_application_event: entering
Arrived event number 6
I have received the event nua_i_active with status 200: Call active
tport_wakeup_pri(0x804d778): events IN
tport_recv_event(0x804d778)
tport_recv_iovec(0x804d778) msg 0x8053cd8 from (udp/10.88.3.67:5060) has 391 bytes, veclen = 1
tport_deliver(0x804d778): msg 0x8053cd8 (391 bytes) from udp/10.88.3.204:5060/sip next=(nil)
nta: received BYE sip:10.xx.x.67 SIP/2.0 (CSeq 708415049)
nta: canonizing sip:10.xx.x.67 with contact
nta: BYE (708415049) going to existing leg
nua: nua_stack_process_request: entering

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7b54b90 (LWP 31017)]
0xb7edd771 in msg_hclass_offset (mc=0xb7fd1f80, mo=0x8054ac4, hc=0x75706552) at msg_parser.c:2475
(gdb) bt
#0  0xb7edd771 in msg_hclass_offset (mc=0xb7fd1f80, mo=0x8054ac4, hc=0x75706552) at msg_parser.c:2475
#1  0xb7edda6c in msg_header_add_dup (msg=0x8054a28, pub=0x8054ac4, src=0x804f0e0) at msg_parser.c:2567
#2  0xb7f45dee in sip_add_dup (msg=0x8054a28, sip=0x8054ac4, o=0x804f0e0) at sip_header.c:119
#3  0xb7f18e1a in nua_server_respond (sr=0xb7b53d68, tags=0x0) at nua_stack.c:1718
#4  0xb7f185d5 in nua_stack_process_request (nh=0x804ef08, leg=0x804d940, irq=0x80543f8, sip=0x8053d74) at nua_stack.c:1459
#5  0xb7efcbd1 in incoming_callback (leg=0x804d940, irq=0x80543f8, sip=0x8053d74) at nta.c:4857
#6  0xb7efb220 in leg_recv (leg=0x804d940, msg=0x8053cd8, sip=0x8053d74, tport=0x804d778) at nta.c:4174
#7  0xb7ef5c3a in agent_recv_request (agent=0x804c308, msg=0x8053cd8, sip=0x8053d74, tport=0x804d778) at nta.c:2463
#8  0xb7ef4776 in agent_recv_message (agent=0x804c308, tport=0x804d778, msg=0x8053cd8, tport_via=0x804ea80, now={tv_sec = 3427107229, tv_usec = 100484}) at nta.c:2244
#9  0xb7f879fa in tport_base_deliver (self=0x804d778, msg=0x8053cd8, now={tv_sec = 3427107229, tv_usec = 100484}) at tport.c:3013
#10 0xb7f8798d in tport_deliver (self=0x804d778, msg=0x8053cd8, next=0x0, sc=0x0, now={tv_sec = 3427107229, tv_usec = 100484}) at tport.c:3002
#11 0xb7f874a8 in tport_parse (self=0x804d778, complete=1, now={tv_sec = 3427107229, tv_usec = 100484}) at tport.c:2919
#12 0xb7f87178 in tport_recv_event (self=0x804d778) at tport.c:2861
#13 0xb7f86deb in tport_base_wakeup (self=0x804d778, events=1) at tport.c:2763
#14 0xb7f86b81 in tport_wakeup_pri (m=0x804b4b8, w=0x804baa0, self=0x804d778) at tport.c:2726
#15 0xb7f76331 in su_epoll_port_wait_events (self=0x804b790, tout=1000) at su_epoll_port.c:506
#16 0xb7f72d6b in su_base_port_run (self=0x804b790) at su_base_port.c:342
#17 0xb7f6fc69 in su_port_run (self=0x804b790) at su_port.h:310
#18 0xb7f6fc46 in su_root_run (self=0x804bc18) at su_root.c:689
#19 0xb7f73841 in su_pthread_port_clone_main (varg=0xbf959eec) at su_pthread_port.c:321
#20 0xb7b754fb in start_thread () from /lib/i686/cmov/libpthread.so.0
#21 0xb7df7d7e in clone () from /lib/i686/cmov/libc.so.6
(gdb) f 0
#0  0xb7edd771 in msg_hclass_offset (mc=0xb7fd1f80, mo=0x8054ac4, hc=0x75706552) at msg_parser.c:2475
(gdb) p *mc->mc_hash_size
Cannot access memory at address 0x7f
(gdb) p mc->mc_hash_size
$14 = 127
(gdb) p hc
$15 = (const struct msg_hclass_s *) 0x75706552
(gdb) p *hc
Cannot access memory at address 0x75706552

If I put the same TAG in nua_create then the application crashes immediately.

I'm attaching the simple application which reproduces the issue.

Regards.
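
Added triage example (not part of the original report and not sofia-sip code): on this little-endian i686 target the faulting hc value 0x75706552 is stored as the bytes 52 65 70 75, the printable ASCII text "Repu", a common sign that string data was read where a pointer was expected. The Python sketch below scans gdb backtrace frames for such arguments; the sample frames are copied from the backtrace above, and the function names are this example's own.

```python
import re

# Frames 0-2 copied from the backtrace in the report above (wrapped lines joined).
SAMPLE_BT = """\
#0  0xb7edd771 in msg_hclass_offset (mc=0xb7fd1f80, mo=0x8054ac4, hc=0x75706552) at msg_parser.c:2475
#1  0xb7edda6c in msg_header_add_dup (msg=0x8054a28, pub=0x8054ac4, src=0x804f0e0) at msg_parser.c:2567
#2  0xb7f45dee in sip_add_dup (msg=0x8054a28, sip=0x8054ac4, o=0x804f0e0) at sip_header.c:119
"""

# "#N  0xADDR in function (args) at file:line"; the address part is optional in gdb output.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*?)\)", re.M)
ARG_RE = re.compile(r"(\w+)=0x([0-9a-f]+)\b")


def ascii_view(value, width=4, little_endian=True):
    """Return the value's in-memory bytes as text if every byte is printable ASCII."""
    raw = value.to_bytes(width, "little" if little_endian else "big")
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def suspicious_pointers(backtrace, width=4):
    """List (frame, function, argument, value, text) for ASCII-looking pointer arguments."""
    findings = []
    for frame, func, args in FRAME_RE.findall(backtrace):
        for name, hexval in ARG_RE.findall(args):
            value = int(hexval, 16)
            if value >= 1 << (8 * width):
                continue  # wider than a pointer on this target
            text = ascii_view(value, width)
            if text is not None:
                findings.append((int(frame), func, name, hex(value), text))
    return findings


if __name__ == "__main__":
    for frame, func, name, value, text in suspicious_pointers(SAMPLE_BT):
        print(f"frame #{frame} {func}: {name}={value} looks like text {text!r}")
```

A hit is only a heuristic: it shows that the argument holds character data, not which call site put it there.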


----------------------------------------------------------------------

>Comment By: Pekka Pessi (ppessi)
Date: 2008-08-08 15:11

Message:
Logged In: YES 
user_id=52043
Originator: NO

Fixed in darcs. Thanks for reporting this.

----------------------------------------------------------------------

_______________________________________________
Sofia-sip-devel mailing list
Sofia-sip-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sofia-sip-devel