Re: [sr-dev] Crash bug freeing To headers

On 9/16/13 10:06 AM, Alex Balashov wrote: The issue seems to be a write of data before the allocated pointer or more than allocated. From the logs, the chunk before is used for $var(...) and the sources doesn't reveal any bug, furthermore, the chunk with issue has its beginning ok, thus it is very likely to be a write before the pointer. The chuck with issues is from the To header parser, also with low chances for issues, because it just contain pointers, so a write will be at the addresses pointed from here. The next chunk is from db_postgres and might be an issue to write at invalid row index, but I couldn't spot where that can happen. Anyhow, my plan was to replace memcpy, strcpy and strncpy function to write in logs the pointers they work with, in order to see what code is overwriting the chunk head. (I hope is not a memove or some internal copy function) The procedure is not that complex. Attached is a file crepl.c, copy it on the same system and compile it with: gcc -shared -ldl -fPIC crepl.c -o libcrepl.so You have to start kamailio from command line, also with log_stderror=yes and stderr redirected to a file: LD_PRELOAD=/path/to/libcrepl.so /path/to/kamailio -f /path/to/kamailio.cfg -E -ddd 2>/tmp/kamailio.log (-f, -E, -ddd are optional, as they can be default value or what is in config file). I haven't made the functions to write to syslog, thus you have to configure kamailio to write to stderror and save the output in a file. Or you change the crepl.c file to write to syslog. You should see in logs a lot of messages with mem copy operations, prefixed with '======...'. Send me all the logs, full backtrace as well as the other details I asked for. Cheers, Daniel -- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio Advanced Trainings - Berlin, Oct 21-24; Miami, Nov 11-13, 2013 - more details about Kamailio trainings at http://www.asipto.com -