update + workaround
replace_body_atonce function is very similar to replace_body_all but is
replace_body_atonce is defined to use fixup_regexpNL_none for incoming
parameters processing. Apparantly something in fixup_regexpNL_none is
causing the issue because when I change definition for replace_body_atonce
to use fixup_regexp_none (just like its "sister" function replace_body_all)
everything is working fine and no crash.
I am not sure about significance of fixup_regexpNL_none as it is not used by
any other function but replace_body_atonce however, as workaround I ended up
utilizing replace_body_all for my search + replace needs.
As far as fixup_regexpNL_none; I see it uses regcomp but I do not see a call
to regfee... So that is might be the root cause of the memory issue.
-----Original Message-----
From: denis(a)dilvest.com [mailto:denis@dilvest.com]
Sent: Wednesday, June 17, 2015 4:59 PM
To: 'sr-dev(a)lists.sip-router.org'
Subject: RE: Kamailio crashes when using replace_body_atonce from Textops
upon further tracing it looks like crash happens in action.c
MODF_RVE_PARAM_FREE when calling pkg_free((dst)[i+2].u.data);
-----Original Message-----
From: denis(a)dilvest.com [mailto:denis@dilvest.com]
Sent: Wednesday, June 17, 2015 1:25 PM
To: 'sr-dev(a)lists.sip-router.org'
Subject: Kamailio crashes when using replace_body_atonce from Textops
Hi,
Need some help resolving Kamailio crash.
Kamailio version 4.1 on Centos (uname -r "Linux 2.6.18-164.11.1.el5")
The issue:
I want to replace text in the message body using replace_body_atonce from
TextOps module
Works fine when called like:
replace_body_atonce("123456789","000");
Works fine when called like:
$var(replacewith)="000";
replace_body_atonce("123456789",$var(replacewith));
However, Kamailio crashes when called like
$var(findwhat)="123456789";
$var(replacewith)="000";
replace_body_atonce($var(findwhat),$var(replacewith));
The following is in the log
Jun 17 16:21:08 tms /usr/local/sbin/kamailio[18614]: ERROR: textops
[textops.c:570]: do_replace_body_f(): exit Jun 17 16:21:08 tms
/usr/local/sbin/kamailio[18614]: : <core> [mem/q_malloc.c:454]: qm_free():
BUG: qm_free: bad pointer 0xc0c0c0c0 (out of memory block!) called from
<core>: action.c: do_action(1164) - aborting Jun 17 16:21:08 tms
/usr/local/sbin/kamailio[18612]: ALERT: <core> [main.c:778]: handle_sigs():
child process 18614 exited by a signal 6 Jun 17 16:21:08 tms
/usr/local/sbin/kamailio[18612]: ALERT: <core> [main.c:781]: handle_sigs():
core was not generated
For some reason no core dump is generated ( i have tried "ulimit -c
unlimited" and "echo "1" > /proc/sys/kernel/core_uses_pid").
However, I
added log entry right before replace_body_atonce returns and I do see that
replace_body_atonce completes and returns but then crashes.
I can easily reproduce the issue. Please let me know if you have some
suggestion to try (even in the code as I can recompile it).
Thanks,
Denis
Show replies by date