Module: kamailio Branch: 4.1 Commit: 0e550eec214f9bfea1e87519e6c842230a552e50 URL: https://github.com/kamailio/kamailio/commit/0e550eec214f9bfea1e87519e6c842230a552e50
Author: Stefan Mititelu <[email protected]> Committer: Stefan Mititelu <[email protected]> Date: 2015-08-11T15:42:56+03:00 dtrie: Set child to NULL when run out of SHM The stop condition in dtrie_delete is node==NULL. Suppose the case when there is no SHM memory left when trying to dtrie_insert(). The memory gets freed by shm_free() but the pointer still points to it. This leads to segfault when dtrie_delete tries to access that memory zone, in the given case. GDB says: "Cannot access memory at address 0x1130000001d" (cherry picked from commit 60ffee9cf54ff362026497036935746c9dbe62e5) --- Modified: lib/trie/dtrie.c --- Diff: https://github.com/kamailio/kamailio/commit/0e550eec214f9bfea1e87519e6c842230a552e50.diff Patch: https://github.com/kamailio/kamailio/commit/0e550eec214f9bfea1e87519e6c842230a552e50.patch --- diff --git a/lib/trie/dtrie.c b/lib/trie/dtrie.c index 90cb52f..783f6e7 100644 --- a/lib/trie/dtrie.c +++ b/lib/trie/dtrie.c @@ -152,6 +152,7 @@ int dtrie_insert(struct dtrie_node_t *root, const char *number, const unsigned i if(node->child[digit]->child == NULL){ SHM_MEM_ERROR; shm_free(node->child[digit]); + node->child[digit] = NULL; return -1; } LM_DBG("allocate %lu bytes for %d root children pointer at %p\n", _______________________________________________ sr-dev mailing list [email protected] http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
