1 Sep
2018
1 Sep
'18
5:09 p.m.
### Description
I want convert `application/sdp` body of INVITE message to `multipart/mixed`. For this
used
[contruction](https://kamailio.org/docs/modules/devel/modules/textops.html#t…
```
set_body_multipart("test", "text/plain", "delimiter");
msg_apply_changes();
$var(b) = "7e Od 04 55 75 69 20 4d 61 6b 65 43 61 6c 6c"
append_body_part("$var(b)", "application/vnd.cirpack.isdn-ext",
"signal;handling=required");
```
For some reason `msg_apply_changes` is not applied and then `append_body_part` causes
coredump.
### Troubleshooting
#### Reproduction
On alpine dist or on docker contained `kamailio/kamailio-ci` need add load [kazoo
config](https://github.com/2600hz/kazoo-configs-kamailio) and apply this patch
```
diff --git a/kamailio/default.cfg b/kamailio/default.cfg
index bc4a084..4b85642 100644
--- a/kamailio/default.cfg
+++ b/kamailio/default.cfg
@@ -334,6 +334,13 @@ route
route(AUTHORIZATION_CHECK);
#!endif
+ if (is_method("INVITE") && isflagset(FLAG_INTERNALLY_SOURCED)) {
+ set_body_multipart();
+ msg_apply_changes();
+ $var(b) = "7e Od 04 55 75 69 20 4d 61 6b 65 43 61 6c 6c";
+ append_body_part("$var(b)",
"application/vnd.cirpack.isdn-ext", "signal;handling=required");
+ }
+
route(HANDLE_MESSAGE_WRAPPER);
#!ifdef PRESENCE_ROLE
```
Then make call to other phone.
#### Debugging Data
```
(gdb) bt
#0 0x00007f1235f96f1b in __syscall4 (a4=<optimized out>, a3=<optimized out>,
a2=<optimized out>, a1=<optimized out>, n=<optimized out>)
at ./arch/x86_64/syscall_arch.h:38
#1 __restore_sigs (set=set@entry=0x7ffc151162d0) at src/signal/block.c:43
#2 0x00007f1235f97035 in raise (sig=sig@entry=6) at src/signal/raise.c:13
#3 0x00007f1235f6efb4 in abort () at src/exit/abort.c:9
#4 0x00005598707495a2 in free_lump (lmp=0x7f1235e76478) at core/data_lump.c:464
#5 0x000055987074965d in free_lump_list (l=l@entry=0x7f1235e763d8) at
core/data_lump.c:498
#6 0x000055987074983a in del_nonshm_lump (lump_list=lump_list@entry=0x7f1235e737b8) at
core/data_lump.c:647
#7 0x0000559870785c43 in replace_body (msg=msg@entry=0x7f1235e73208, txt=...) at
core/msg_translator.c:1667
#8 0x000055987078d205 in check_boundaries (msg=msg@entry=0x7f1235e73208,
send_info=send_info@entry=0x7f12322d6df8) at core/msg_translator.c:1874
#9 0x000055987078d5d3 in build_req_buf_from_sip_req (msg=msg@entry=0x7f1235e73208,
returned_len=returned_len@entry=0x7ffc151166fc,
send_info=0x7f12322d6df8, mode=mode@entry=128) at core/msg_translator.c:1979
#10 0x00007f123602a1ec in prepare_new_uac (t=t@entry=0x7f12322d6b90,
i_req=i_req@entry=0x7f1235e73208, branch=branch@entry=0, uri=<optimized out>,
uri@entry=0x7f1235e73480, path=<optimized out>, next_hop=<optimized out>,
fsocket=0x7f1235e5ba50, snd_flags=..., fproto=0, flags=0,
instance=<optimized out>, ruid=<optimized out>, location_ua=<optimized
out>) at t_fwd.c:474
#11 0x00007f123602b665 in add_uac (t=t@entry=0x7f12322d6b90,
request=request@entry=0x7f1235e73208, uri=0x7f1235e73480, next_hop=<optimized out>,
path=<optimized out>, proxy=proxy@entry=0x0, fsocket=0x7f1235e5ba50,
snd_flags=..., proto=0, flags=0, instance=0x7f1235e73850, ruid=0x7f1235e73868,
location_ua=0x7f1235e73878) at t_fwd.c:800
#12 0x00007f12360307b8 in t_forward_nonack (t=0x7f12322d6b90,
p_msg=p_msg@entry=0x7f1235e73208, proxy=proxy@entry=0x0, proto=proto@entry=0) at
t_fwd.c:1680
#13 0x00007f123603ee65 in t_relay_to (p_msg=0x7f1235e73208, proxy=0x0, proto=0,
replicate=0) at t_funcs.c:331
#14 0x000055987076fbb8 in do_action (h=h@entry=0x7ffc15118360, a=a@entry=0x7f1235bbf528,
msg=msg@entry=0x7f1235e73208) at core/action.c:1073
#15 0x000055987076ac5d in run_actions (h=h@entry=0x7ffc15118360, a=0x7f1235bb1c28,
msg=msg@entry=0x7f1235e73208) at core/action.c:1565
#16 0x000055987076dbb3 in do_action (h=h@entry=0x7ffc15118360, a=a@entry=0x7f1235bad570,
msg=msg@entry=0x7f1235e73208) at core/action.c:691
#17 0x000055987076ac5d in run_actions (h=h@entry=0x7ffc15118360, a=0x7f1235bad570,
msg=msg@entry=0x7f1235e73208) at core/action.c:1565
#18 0x000055987076fb99 in do_action (h=h@entry=0x7ffc15118360, a=a@entry=0x7f1235baf5c8,
msg=msg@entry=0x7f1235e73208) at core/action.c:1062
#19 0x000055987076ac5d in run_actions (h=h@entry=0x7ffc15118360, a=0x7f1235bac9d0,
msg=msg@entry=0x7f1235e73208) at core/action.c:1565
#20 0x000055987076dbb3 in do_action (h=h@entry=0x7ffc15118360, a=a@entry=0x7f1235b71db8,
msg=msg@entry=0x7f1235e73208) at core/action.c:691
#21 0x000055987076ac5d in run_actions (h=h@entry=0x7ffc15118360, a=a@entry=0x7f1235b69540,
msg=msg@entry=0x7f1235e73208) at core/action.c:1565
#22 0x0000559870775dc7 in run_top_route (a=0x7f1235b69540, msg=msg@entry=0x7f1235e73208,
c=c@entry=0x0) at core/action.c:1654
#23 0x00005598707660c1 in receive_msg (
buf=buf@entry=0x559870a51640 <buf> "INVITE sip:safarov2@node1.nga911.com
SIP/2.0\r\nVia: SIP/2.0/UDP 10.0.9.35:11000;rport;branch=z9hG4bK69ag32Nr5gFjH\r\nRoute:
<sip:10.0.9.39:5060>\r\nMax-Forwards: 48\r\nFrom: \"Sergey Safarov\"
<sip:1240@node1."..., len=<optimized out>,
rcv_info=rcv_info@entry=0x7ffc151186c0) at core/receive.c:278
#24 0x00005598708131fb in udp_rcv_loop () at core/udp_server.c:554
#25 0x0000559870744fb6 in main_loop () at main.c:1619
#26 0x000055987073d51f in main (argc=<optimized out>, argv=<optimized out>) at
main.c:2638
```
Full backtrace at
[bt_full.txt](https://github.com/kamailio/kamailio/files/2342768/bt_full.txt)
#### Log Messages
Please look
[kamailio_console.txt](https://github.com/kamailio/kamailio/files/2342769/ka…
#### SIP Traffic
Crash when started modification of packet 73 of pcap file
[sip.pcap.gz](https://github.com/kamailio/kamailio/files/2342770/sip.pcap.gz)
### Possible Solutions
Not known
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
```
/ # kamailio -v
version: kamailio 5.1.5 (x86_64/linux)
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE,
USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC,
DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER,
USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024, BUF_SIZE 65535,
DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled on 16:32:28 Sep 1 2018 with gcc 6.4.0
```
* **Operating System**:
```
/ # cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.8.0
PRETTY_NAME="Alpine Linux v3.8"
HOME_URL="http://alpinelinux.org"
BUG_REPORT_URL="http://bugs.alpinelinux.org"
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1631
2 Sep
2 Sep
5:34 a.m.
New subject: [kamailio/kamailio] coredump when used append_body_part (#1631)
Can you try with msg_apply_changes() after append_body_part(...)?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1631#issuecomment-417917102
4:24 p.m.
New subject: [kamailio/kamailio] coredump when used append_body_part (#1631)
In this case crash is not happens but SDP not have second multipart content.
Also kamailio logs have this messages.
```
12(16) ERROR: textops [textops.c:2232]: ki_append_multibody_cd(): Cannot get boundary. Is
body multipart?
12(16) INFO: <core> [core/msg_translator.c:1713]: get_boundary(): Content-Type hdr
has no params <application/sdp>
12(16) WARNING: <core> [core/msg_translator.c:1980]: build_req_buf_from_sip_req():
check_boundaries error
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1631#issuecomment-417957321
4:55 p.m.
New subject: [kamailio/kamailio] coredump when used append_body_part (#1631)
Is will help gdb backtrace when gcc optimisation is disabled?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1631#issuecomment-417959247
6:38 p.m.
New subject: [kamailio/kamailio] coredump when used append_body_part (#1631)
I resolved issue after applying this patch. But I not sure that it is all that must be
done
```
diff --git a/src/core/data_lump.c b/src/core/data_lump.c
index e033b4e..6592fce 100644
--- a/src/core/data_lump.c
+++ b/src/core/data_lump.c
@@ -644,7 +644,10 @@ void del_nonshm_lump( struct lump** lump_list )
/* update the 'next' link of the previous lump */
*prev = crt;
/* entire before/after list must be removed */
- free_lump_list( foo );
+ if (!(foo->flags&(LUMPFLAG_DUPED|LUMPFLAG_SHMEM)))
+ free_lump_list( foo );
+ if (!(foo->flags&LUMPFLAG_SHMEM))
+ free_duped_lump_list(foo);
} else {
/* check on before and prev list for non-shmem lumps */
r = crt->after;
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1631#issuecomment-417964774
3 Sep
3 Sep
8:14 a.m.
New subject: [kamailio/kamailio] coredump when used append_body_part (#1631)
Kamailio now works without crash, but i can see in logs
```
135(139) CRITICAL: <core> [core/mem/q_malloc.c:502]: qm_free(): BUG: freeing already
freed pointer (0x7f6b2991e638), called from core: core/data_lump.c:
free_duped_lump_list(625), first free core: core/data_lump.c: free_lump_list(504) -
aborting
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1631#issuecomment-418097819
9:15 a.m.
New subject: [kamailio/kamailio] coredump when used append_body_part (#1631)
Also `body` now have two content elements, but in logs i still can see
```
21(25) INFO: <core> [core/msg_translator.c:1713]: get_boundary(): Content-Type hdr
has no params <application/sdp>
21(25) WARNING: <core> [core/msg_translator.c:1980]: build_req_buf_from_sip_req():
check_boundaries error
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1631#issuecomment-418112279
11 Sep
11 Sep
7:23 a.m.
New subject: [kamailio/kamailio] coredump when used append_body_part (#1631)
Can you make a minimal config that reproduces the issue? Running kazoo is not an easy
option.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1631#issuecomment-420239446
11 Nov
11 Nov
1:15 a.m.
New subject: [kamailio/kamailio] coredump when used append_body_part (#1631)
This is paused until is resolved ticket 1719
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1631#issuecomment-437646590
19 Nov
19 Nov
6:19 a.m.
New subject: [kamailio/kamailio] coredump when used append_body_part (#1631)
I have tested two cases on reference config with loaded `textopsx.so` enabled roles.
```
+#!define WITH_DEBUG
+#!define WITH_MYSQL
+#!define WITH_AUTH
+#!define WITH_USRLOCDB
```
First case works as expected
```
/* Main SIP request routing logic
* - processing of any incoming SIP request starts with this route
* - note: this is the same as route { ... } */
request_route {
if (is_method("INVITE") &&
has_body("application/sdp")) {
set_body_multipart("delimiter");
if (msg_apply_changes()) {
$var(b) = "7e Od 04 55 75 69 20 4d 61 6b 65 43 61 6c 6c";
append_body_part("$var(b)",
"application/vnd.cirpack.isdn-ext", "signal;handling=required");
if(msg_apply_changes()) {
xlog("L_INFO", "Body converted Succesfully $rU
\n");
}
}
}
```
Second is generated core dump
```
/* Main SIP request routing logic
* - processing of any incoming SIP request starts with this route
* - note: this is the same as route { ... } */
request_route {
if (is_method("INVITE") &&
has_body("application/sdp")) {
set_body_multipart("delimiter");
if (msg_apply_changes()) {
$var(b) = "7e Od 04 55 75 69 20 4d 61 6b 65 43 61 6c 6c";
append_body_part("$var(b)",
"application/vnd.cirpack.isdn-ext", "signal;handling=required");
# if(msg_apply_changes()) {
# xlog("L_INFO", "Body converted Succesfully $rU
\n");
# }
}
}
```
Looks as kamailio generate core dump when added multipart and not called `
msg_apply_changes()` in call processing.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1631#issuecomment-439859312
7 Dec
7 Dec
5:44 a.m.
New subject: [kamailio/kamailio] coredump when used append_body_part (#1631)
Related to https://github.com/kamailio/kamailio/issues/1758 issue
And to https://github.com/kamailio/kamailio/pull/1759 PR
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1631#issuecomment-445194155
15 Jan
15 Jan
4:03 a.m.
New subject: [kamailio/kamailio] coredump when used append_body_part (#1631)
Closed #1631.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1631#event-2073988997
4:03 a.m.
New subject: [kamailio/kamailio] coredump when used append_body_part (#1631)
Closing - GH #1759 was merged.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1631#issuecomment-454316232
2040
days inactive
2176
days old
12 comments
2 participants
participants (2)
-
Daniel-Constantin Mierla -
sergey-safarov