<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Arial; font-size: 12pt; color: #000000'><P>We were experiencing the issue with 1.5.4 released version, we upgraded from svn and the issue still persists. I have a backtrace from both versions.</P>
<P> </P>
<P>I agree it is a free of a null pointer, but the if(hf->parsed) should be the test for NULL, and only execute code if not NULL. However this test is failing. </P>
<P> </P>
<P> </P><BR>----- Original Message -----<BR>From: "Henning Westerholt" <henning.westerholt@1und1.de><BR>To: sr-users@lists.sip-router.org<BR>Cc: "Alex Balashov" <abalashov@evaristesys.com>, gwillingham@comcast.net<BR>Sent: Monday, August 30, 2010 11:45:11 AM<BR>Subject: Re: [SR-Users] Kamailio 1.5.4 crash<BR><BR>On Monday 30 August 2010, Alex Balashov wrote:<BR>> On 08/30/2010 11:33 AM, gwillingham@comcast.net wrote:<BR>> > output from gdb shows hf->parsed to be NULL, however the call to<BR>> > free_to(hf->parsed) is being called, from there bad things happen.<BR>> <BR>> Sounds like a double free(), or a free() of something that was never<BR>> allocated.<BR><BR>Hello Gene,<BR><BR>1.5.4 was released in February, i think - do you use the version from tar.gz? <BR>I've checked the file in question, there were one fix in the last month:<BR><BR>r6036 | miconda | 2010-07-30 20:18:33 +0200 (Fr, 30 Jul 2010) | 4 lines<BR>- fix off-by-one bug for quoted parameter values in parse_to<BR>- patch by Alex Hermann, SF#3035382<BR><BR>which maybe could help you here. I'd suggest that you extract the SIP message <BR>in question from the backtrace (receive_msg, buf) and then try to reproduce <BR>the crash. If it crash again, just update to the latest 1.5 branch state, and <BR>see if it crashes again. It contains some more fixes, one or two also could <BR>cause crashes in some special conditions.<BR><BR>Cheers,<BR><BR>Henning<BR></div></body></html>