Hello. Regarding STUN - it seems that there is the same bug on line 870. Again, iterator b2 is created before memory allocation.
I'll try memory debug, but don't know, when - our OpenSIPS works under load, people make calls and so on :) I use version 1.6.0 for now, it seems to be quite stable. > Hi Alexander, > Indeed, the stun issue looks like a silly bug - I fixed it on SVN - > Thanks a lot for the report and fix. > Regarding the other bugs you reported, could you please compile in the > memory debug support (http://www.opensips.org/Resources/DocsTsMem) and set > memlog=8 > memdump=2 > maybe the debugger will be able to get out more info. > Regards, > Bogdan > Alexander wrote: >> I've encountered a problem - sometimes OpenSIPS 1.6.0 crashes. GDB >> says that crash was in stun.c, line 836. Going to this line, we see: >> >> case UNKNOWN_ATTRIBUTES: >> /* iterator */ >> b2 = (T16 *) msg->unknownAttributes->buffer; >> /* allocate unknownAttributes buffer */ >> msg->unknownAttributes = (Buffer*) >> pkg_malloc(sizeof(Buffer)); >> if(!msg->unknownAttributes){ >> LM_DBG("out of mem\n"); >> return -1; >> } >> memset(msg->unknownAttributes, 0, sizeof(Buffer)); >> >> Is it OK, that we create iterator, and then allocate buffer? >> uknownAttributes is not allocated when iterator is created. I've >> changed it to: >> >> case UNKNOWN_ATTRIBUTES: >> /* allocate unknownAttributes buffer */ >> msg->unknownAttributes = (Buffer*) >> pkg_malloc(sizeof(Buffer)); >> if(!msg->unknownAttributes){ >> LM_DBG("out of mem\n"); >> return -1; >> } >> memset(msg->unknownAttributes, 0, sizeof(Buffer)); >> >> /* iterator */ >> b2 = (T16 *) msg->unknownAttributes->buffer; >> >> Now it seems to work properly. >> >> By the way, version 1.6.1 contains the same bug in STUN module. >> Unfortunately, 1.6.1 is unusable for me - crashes too often :( I wrote >> one report about crash on NOTIFY (with backtrace), and today I've >> encountered another crash: >> >> Program terminated with signal 11, Segmentation fault. >> [New process 19330] >> #0 0x080ec3d9 in fm_malloc (qm=0x81b3c00, size=<value optimized out>) >> at mem/f_malloc.c:172 >> 172 *pf=n->u.nxt_free; >> (gdb) where >> #0 0x080ec3d9 in fm_malloc (qm=0x81b3c00, size=<value optimized out>) >> at mem/f_malloc.c:172 >> #1 0x00603d04 in build_rr (_l=0x81e07d8, _l2=0x81e1d1c, >> user=0xbff381d0, tag=0x81d1fc0, params=0x0, _inbound=1) at record.c:163 >> #2 0x0060471f in record_route (_m=0x81d1bec, params=0x0) at record.c:320 >> #3 0x00606031 in w_record_route (msg=0x81d1bec, key=0x0, bar=0x0) at >> rr_mod.c:272 >> #4 0x080545dd in do_action (a=0x81bdb2c, msg=0x81d1bec) at action.c:967 >> #5 0x08057308 in run_action_list (a=0x81bdb2c, msg=0x81d1bec) at >> action.c:139 >> #6 0x080554dd in do_action (a=0x81bdb98, msg=0x81d1bec) at action.c:706 >> #7 0x08057308 in run_action_list (a=0x81bd578, msg=0x81d1bec) at >> action.c:139 >> #8 0x080576a3 in run_top_route (a=0x81bd578, msg=0x81d1bec) at >> action.c:119 >> #9 0x0809ddf2 in receive_msg ( >> buf=0x8192380 "OPTIONS sip:sip.comtube.ru <http://sip.comtube.ru> >> SIP/2.0\r\nVia: SIP/2.0/UDP >> 85.21.245.172:5060;branch=z9hG4bK57769584;rport\r\nMax-Forwards: >> 69\r\nFrom: \"asterisk\" <sip:[email protected] >> <mailto:sip%[email protected]>>;tag=as58d6d6b9\r\nTo: >> <sip:sip.comtu"..., len=511, rcv_info=0xbff388d4) at receive.c:162 >> #10 0x080e5056 in udp_rcv_loop () at udp_server.c:492 >> #11 0x08070adf in main (argc=5, argv=0xbff38ae4) at main.c:821 >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> -- С уважением, Alexander mailto:[email protected] _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
