THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened. Details are below.

User who did this - Vicente Hernando (vicente)

Attached to Project - sip-router Summary - ndb_redis redisc_free_reply bug Task Type - Bug Report Category - Module Status - Unconfirmed Assigned To - Operating System - All Severity - Critical Priority - Normal Reported Version - Development Due in Version - Undecided Due Date - Undecided Details - Due to ndb_redis redisc_free_reply function I created in redis_client.c file, a bug has appeared able to crash kamailio.

In pv_get_redisc function in ndb_redis_mod.c these lines appear:

if(rpv->reply==NULL) { rpv->reply = redisc_get_reply(&rpv->rname); if(rpv->reply==NULL) return pv_get_null(msg, param, res); }

That means it stores old redisc_reply_t in rpv->reply and if it has been freed with redisc_free_reply function a segmentation fault would happen.

I find three solutions:

patch one changes if(rpv->reply==NULL) into if(1). Disadvantage is it will always have to search the reply using redisc_get_reply adding some overhead.

patch two changes redisc_free_reply function and deletes only inner redisReply structure. So once a redisc_reply_t is created it could be reused, but never deleted.

Another solution would be completely deleting redisc_free_reply function.

In my opinion second and third approaches are the best.

Any comments?

More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=242

You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.