upon further tracing it looks like crash happens in action.c MODF_RVE_PARAM_FREE when calling pkg_free((dst)[i+2].u.data);
-----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Wednesday, June 17, 2015 1:25 PM To: '[email protected]' Subject: Kamailio crashes when using replace_body_atonce from Textops Hi, Need some help resolving Kamailio crash. Kamailio version 4.1 on Centos (uname -r "Linux 2.6.18-164.11.1.el5") The issue: I want to replace text in the message body using replace_body_atonce from TextOps module Works fine when called like: replace_body_atonce("123456789","000"); Works fine when called like: $var(replacewith)="000"; replace_body_atonce("123456789",$var(replacewith)); However, Kamailio crashes when called like $var(findwhat)="123456789"; $var(replacewith)="000"; replace_body_atonce($var(findwhat),$var(replacewith)); The following is in the log Jun 17 16:21:08 tms /usr/local/sbin/kamailio[18614]: ERROR: textops [textops.c:570]: do_replace_body_f(): exit Jun 17 16:21:08 tms /usr/local/sbin/kamailio[18614]: : <core> [mem/q_malloc.c:454]: qm_free(): BUG: qm_free: bad pointer 0xc0c0c0c0 (out of memory block!) called from <core>: action.c: do_action(1164) - aborting Jun 17 16:21:08 tms /usr/local/sbin/kamailio[18612]: ALERT: <core> [main.c:778]: handle_sigs(): child process 18614 exited by a signal 6 Jun 17 16:21:08 tms /usr/local/sbin/kamailio[18612]: ALERT: <core> [main.c:781]: handle_sigs(): core was not generated For some reason no core dump is generated ( i have tried "ulimit -c unlimited" and "echo "1" > /proc/sys/kernel/core_uses_pid"). However, I added log entry right before replace_body_atonce returns and I do see that replace_body_atonce completes and returns but then crashes. I can easily reproduce the issue. Please let me know if you have some suggestion to try (even in the code as I can recompile it). Thanks, Denis _______________________________________________ sr-dev mailing list [email protected] http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
