Module: sip-router Branch: master Commit: e7096bf24310b71623520a3b963ddc50c111827c URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=e7096bf… Author: Marius Zbihlei &lt;marius.zbihlei(a)1and1.ro&gt; Committer: Marius Zbihlei &lt;marius.zbihlei(a)1and1.ro&gt; Date: Fri Jul 23 11:32:25 2010 +0300 modules_k/pv : Fixed a bug in pv transformation (tobody transformation), that caused a segmentation fault. The bug was caused by a incorrect error handling of the parse_to() method (defined in parser/parse_to.c). The function returns a char* (pointer to the last character parsed), in case of error it updates an error status. On incorrect to params, a segmentation fault happened after some time.(Because of a double pkg_free). --- modules_k/pv/pv_trans.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/modules_k/pv/pv_trans.c b/modules_k/pv/pv_trans.c index dbe2ab7..5d60d04 100644 --- a/modules_k/pv/pv_trans.c +++ b/modules_k/pv/pv_trans.c @@ -987,7 +987,8 @@ int tr_eval_tobody(struct sip_msg *msg, tr_param_t *tp, int subtype, /* parse params */ sv = _tr_tobody_str; - if (parse_to(sv.s, sv.s + sv.len + 2, &_tr_tobody)<0) + parse_to(sv.s, sv.s + sv.len + 2, &_tr_tobody); + if (_tr_tobody.error == PARSE_ERROR) { memset(&_tr_tobody, 0, sizeof(struct to_body)); pkg_free(_tr_tobody_str.s);