[kamailio/kamailio] Kamailio crash with invalid statement in configuration (#2227) - sr-dev

23 Feb 2020


      Kamailio crash with invalid statement in configuration. I already investigated several probable causes to some extend, but did not managed to find a fix yet.
```
$ cat ../etc/crash.cfg (note the capital "I" at the if-case, memdbg was just added for debugging)
#!KAMAILIO
memdbg=3
loadmodule "textops.so"
request_route {
        Iif (is_method("CANCEL")) {
                exit;
        }
}
```
henning@static:~/repositories/kamailio/src$ ./kamailio -L modules -Y /tmp -T -S -n 1 -D -m 16 -M 4 -f ../etc/crash.cfg -E 
 0(24666) ERROR: <core> [core/cfg.y:3403]: yyparse(): cfg. parser: failed to find command Iif (params 2)
 0(24666) CRITICAL: <core> [core/cfg.y:3544]: yyerror_at(): parse error in config file /home/henning/repositories/kamailio/src/../etc/crash.cfg, line 7, column 26: unknown command, missing loadmodule?
0(24666) ERROR: <core> [core/cfg.y:3407]: yyparse(): free function 0x7fa138bc1d60
Segmentation fault
```
output from GDB, current git master:
Program received signal SIGSEGV, Segmentation fault.
0x0000555555843e4e in rve_destroy (rve=0xc0c0c0c0) at core/rvalue.c:147
147                     if (rve->op==RVE_RVAL_OP){
(gdb) bt
#0  0x0000555555843e4e in rve_destroy (rve=0xc0c0c0c0) at core/rvalue.c:147
#1  0x00005555558447e1 in rve_destroy (rve=0x7ffff6c98738) at core/rvalue.c:168
#2  0x000055555599b031 in free_mod_func_action (a=0x7ffff6c97d60) at core/cfg.y:3997
#3  0x000055555599665b in yyparse () at core/cfg.y:3408
#4  0x000055555558fbd1 in main (argc=18, argv=0x7fffffffe378) at main.c:2309
(gdb) p rve->op
Cannot access memory at address 0xc0c0c0c0
(gdb) p rve
$1 = (struct rval_expr *) 0xc0c0c0c0
(gdb) f 1
#1  0x00005555558447e1 in rve_destroy (rve=0x7ffff6c98738) at core/rvalue.c:168
168                                     rve_destroy(rve->left.rve);
(gdb) p rve->left
$2 = {rve = 0xc0c0c0c0, rval = {type = 3233857728, refcnt = 0, v = {p = 0xabcdefed, l = 2882400237, s = {s = 0xabcdefed <error: Cannot access memory at address 0xabcdefed>, len = 0}, avps = {type = 2882400237, name = {n = 0, s = {s = 0x0, len = 0}, re = 0x0}, 
        index = 8}, sel = {f = {0xabcdefed, 0x0, 0x0, 0x8}, param_offset = {0, 0, 3598392, 0, -154930224}, params = {{type = 1436524721, v = {i = 1436573777, s = {s = 0x555555a06051 "fragm. from qm_malloc", len = 1436524587}, p = 0x555555a06051}}, {type = 1260, v = {
              i = -252645136, s = {s = 0xf0f0f0f0 <error: Cannot access memory at address 0xf0f0f0f0>, len = 0}, p = 0xf0f0f0f0}}, {type = SEL_PARAM_INT, v = {i = 0, s = {s = 0x0, len = 0}, p = 0x0}} <repeats 30 times>}, n = 0}, pvs = {type = 2882400237, getf = 0x0, 
        setf = 0x0, pvp = {pvn = {type = 8, nfree = 0x0, u = {isname = {type = 3598392, name = {n = -154930224, s = {s = 0x7ffff6c3f3d0 "", len = 1436524721}, re = 0x7ffff6c3f3d0}}, dname = 0x36e838}}, pvi = {type = 1436573777, u = {ival = 1436524587, 
              dval = 0x5555559fa02b}}}, trans = 0x4ec}, action = 0xabcdefed, bexpr = 0xabcdefed, re = {s = {s = 0xabcdefed <error: Cannot access memory at address 0xabcdefed>, len = 0}, regex = 0x0}}, bsize = 0, flags = 0, buf = ""}}
(gdb) p rve
$3 = (struct rval_expr *) 0x7ffff6c98738
(gdb) p *rve
$4 = {op = 1129201987, left = {rve = 0xc0c0c0c0, rval = {type = 3233857728, refcnt = 0, v = {p = 0xabcdefed, l = 2882400237, s = {s = 0xabcdefed <error: Cannot access memory at address 0xabcdefed>, len = 0}, avps = {type = 2882400237, name = {n = 0, s = {s = 0x0, 
              len = 0}, re = 0x0}, index = 8}, sel = {f = {0xabcdefed, 0x0, 0x0, 0x8}, param_offset = {0, 0, 3598392, 0, -154930224}, params = {{type = 1436524721, v = {i = 1436573777, s = {s = 0x555555a06051 "fragm. from qm_malloc", len = 1436524587}, 
                p = 0x555555a06051}}, {type = 1260, v = {i = -252645136, s = {s = 0xf0f0f0f0 <error: Cannot access memory at address 0xf0f0f0f0>, len = 0}, p = 0xf0f0f0f0}}, {type = SEL_PARAM_INT, v = {i = 0, s = {s = 0x0, len = 0}, p = 0x0}} <repeats 30 times>}, 
          n = 0}, pvs = {type = 2882400237, getf = 0x0, setf = 0x0, pvp = {pvn = {type = 8, nfree = 0x0, u = {isname = {type = 3598392, name = {n = -154930224, s = {s = 0x7ffff6c3f3d0 "", len = 1436524721}, re = 0x7ffff6c3f3d0}}, dname = 0x36e838}}, pvi = {
              type = 1436573777, u = {ival = 1436524587, dval = 0x5555559fa02b}}}, trans = 0x4ec}, action = 0xabcdefed, bexpr = 0xabcdefed, re = {s = {s = 0xabcdefed <error: Cannot access memory at address 0xabcdefed>, len = 0}, regex = 0x0}}, bsize = 0, flags = 0, 
      buf = ""}}, right = {rve = 0x0, rval = {type = RV_NONE, refcnt = 0, v = {p = 0x0, l = 0, s = {s = 0x0, len = 0}, avps = {type = 0, name = {n = 0, s = {s = 0x0, len = 0}, re = 0x0}, index = 0}, sel = {f = {0x0, 0x0, 0x0, 0x0}, param_offset = {0, 0, 0, 0, 0}, 
          params = {{type = SEL_PARAM_INT, v = {i = 0, s = {s = 0x0, len = 0}, p = 0x0}} <repeats 32 times>}, n = 0}, pvs = {type = PVT_NONE, getf = 0x0, setf = 0x0, pvp = {pvn = {type = 0, nfree = 0x0, u = {isname = {type = 0, name = {n = 0, s = {s = 0x0, len = 0}, 
                    re = 0x0}}, dname = 0x0}}, pvi = {type = 0, u = {ival = 0, dval = 0x0}}}, trans = 0x0}, action = 0x0, bexpr = 0x0, re = {s = {s = 0x0, len = 0}, regex = 0x0}}, bsize = 0, flags = 0, buf = ""}}, fpos = {s_line = 0, e_line = 0, s_col = 0, e_col = 0, 
    fname = 0x0, rname = 0x0}}
(gdb)
```
-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2227