[sr-dev] Crash bug freeing To headers

Alex Balashov abalashov at evaristesys.com
Mon Sep 16 10:28:26 CEST 2013


Daniel,

Thank you;  should this be run in high debug (3 or 4) mode?

-- Alex

On 09/16/2013 04:26 AM, Daniel-Constantin Mierla wrote:

>
> On 9/16/13 10:06 AM, Alex Balashov wrote:
>> On 09/16/2013 04:05 AM, Daniel-Constantin Mierla wrote:
>>> [...]
>>>
>>> If you can't correlate with old logs and plan to reproduce it, then let me
>>> know. I may give some extra instructions to get even more information.
>>
>> I think reproducing it is easier at this point.  Please let me know
>> what other info you'd like, beyond what you requested in the private
>> e-mail.
>>
> The issue seems to be a write of data before the allocated pointer or
> more than allocated. From the logs, the chunk before is used for
> $var(...) and the sources don't reveal any bug; furthermore, the chunk
> with the issue has its beginning ok, thus it is very likely to be a write
> before the pointer. The chunk with issues is from the To header parser,
> also with low chances for issues, because it just contains pointers, so a
> write will be at the addresses pointed to from here. The next chunk is from
> db_postgres and might be an issue of writing at an invalid row index, but I
> couldn't spot where that can happen.
>
> Anyhow, my plan was to replace the memcpy, strcpy and strncpy functions to
> write in the logs the pointers they work with, in order to see what code is
> overwriting the chunk head. (I hope it is not a memmove or some internal
> copy function.)
>
> The procedure is not that complex. Attached is a file crepl.c, copy it
> on the same system and compile it with:
>
> gcc -shared -ldl -fPIC crepl.c -o libcrepl.so
>
> You have to start kamailio from command line, also with log_stderror=yes
> and stderr redirected to a file:
>
> LD_PRELOAD=/path/to/libcrepl.so /path/to/kamailio -f /path/to/kamailio.cfg -E -ddd 2>/tmp/kamailio.log
>
> (-f, -E, -ddd are optional, as they can be the default values or what is in
> the config file). I haven't made the functions write to syslog, thus you
> have to configure kamailio to write to stderr and save the output in a
> file. Or you change the crepl.c file to write to syslog.
>
> You should see in logs a lot of messages with mem copy operations,
> prefixed with '======...'.
>
> Send me all the logs, full backtrace as well as the other details I
> asked for.
>
> Cheers,
> Daniel
>
>
>
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
>


-- 
Alex Balashov - Principal
Evariste Systems LLC
235 E Ponce de Leon Ave
Suite 106
Decatur, GA 30030
United States
Tel: +1-678-954-0670
Web: http://www.evaristesys.com/, http://www.alexbalashov.com/
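Daniel's attached crepl.c is not part of this archived message; the following is an added example of the same shape (not his file, not Kamailio code): an LD_PRELOAD interposer for memcpy() that writes each copy's destination, source and length to stderr with the '======' prefix, plus a helper for filtering that log for writes overlapping the corrupted chunk's header. The file name memlog.c, the helper names and the watched range are assumptions of this example.

```c
#define _GNU_SOURCE
#undef _FORTIFY_SOURCE /* fortified inline memcpy wrappers would bypass the hook */
#include <dlfcn.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
/* Append a string. No stdio and no memcpy here: either could recurse into the hook. */
static size_t put_str(char *out, size_t cap, size_t pos, const char *s)
{
    while (*s && pos + 1 < cap) out[pos++] = *s++;
    return pos;
}
static size_t put_hex(char *out, size_t cap, size_t pos, uintptr_t v)
{
    char tmp[2 * sizeof v]; int i = 0;   /* hex digits, least significant first */
    do { tmp[i++] = "0123456789abcdef"[v & 15]; v >>= 4; } while (v);
    while (i > 0 && pos + 1 < cap) out[pos++] = tmp[--i];
    return pos;
}
/* Build one "====== <fn> dst=0x... src=0x... len=0x..." record; returns its length. */
size_t format_copy_record(char *out, size_t cap, const char *fn,
                          const void *dst, const void *src, size_t len)
{
    size_t pos = put_str(out, cap, put_str(out, cap, 0, "====== "), fn);
    pos = put_hex(out, cap, put_str(out, cap, pos, " dst=0x"), (uintptr_t)dst);
    pos = put_hex(out, cap, put_str(out, cap, pos, " src=0x"), (uintptr_t)src);
    pos = put_hex(out, cap, put_str(out, cap, pos, " len=0x"), (uintptr_t)len);
    pos = put_str(out, cap, pos, "\n");
    out[pos] = '\0'; return pos;
}
/* True when [dst, dst+len) touches the watched range [lo, hi), e.g. the corrupted chunk's header. */
int copy_hits_range(uintptr_t dst, size_t len, uintptr_t lo, uintptr_t hi)
{
    return len > 0 && dst < hi && dst + len > lo;
}
static __thread int in_hook;   /* re-entrancy guard: dlsym() may itself copy memory */
void *memcpy(void *dst, const void *src, size_t n)
{
    static void *(*real)(void *, const void *, size_t); char rec[128];
    if (in_hook) {              /* nested call while resolving or logging: silent byte loop */
        volatile char *d = dst; const volatile char *s = src; /* volatile: no memcpy idiom */
        while (n--) *d++ = *s++;
        return dst;
    }
    in_hook = 1;
    if (!real) real = (void *(*)(void *, const void *, size_t))dlsym(RTLD_NEXT, "memcpy");
    (void)write(2, rec, format_copy_record(rec, sizeof rec, "memcpy", dst, src, n));
    in_hook = 0;
    return real(dst, src, n);
}
```

Build it with `gcc -shared -fPIC -O2 memlog.c -o libmemlog.so -ldl` and preload it exactly as in Daniel's command line; strcpy and strncpy hooks follow the same pattern, and after the crash the log is filtered with copy_hits_range() using the chunk address from the memory debugging output.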


