<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
I applied a slightly different version of your patch -- I took it from
4.1 (where this issue was fixed in a combined commit), because it
should make life easier with future backports, as the patches should
better match the same piece of code between various branches.<br>
<br>
Let me know if it works ok.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 27/02/14 14:49, Dragos Oancea wrote:<br>
</div>
<blockquote
cite="mid:1393508940.95458.YahooMailNeo@web122604.mail.ne1.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff;
font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial,
Lucida Grande, sans-serif;font-size:10pt">
<div>Hi</div>
<div><br>
</div>
<div><span style="font-size: 10pt;">We think that we found and
fixed a bug in the registrar module. The bug is hard to
reproduce, and it crashes our Kamailio from time to time
(once every 2-3 weeks for us).</span><br>
</div>
<div><br>
</div>
<div>In save.c, function update_contacts() there are two places
where we free() a pointer and then we reuse it, line 700 and
line 730:</div>
<div><br>
</div>
<pre>while(ptr){

    ptr0 = ptr;
    if(ptr!=c)
        ul.delete_ucontact(_r, ptr);
    ptr=ptr0->next;
}</pre>
<div><br>
</div>
<div><br>
</div>
<div>And then from inside delete_ucontact(_r,ptr) we call
mem_delete_ucontact(_r, _c) which calls</div>
<div>free_ucontact(_c), which calls shm_free(_c). _c is
actually our ptr.</div>
<div><br>
</div>
<div>If another process writes at the location pointed to by ptr
during the "while" loop, the current process will crash.</div>
<div><br>
</div>
<div>The bug affects 4.0.4, 4.0.5 and maybe older versions.</div>
<div><br>
</div>
<div>We keep the location table in memory, no database backend,
and we do a lot of REGISTER/un-REGISTER in our environment,</div>
<div>and maybe that's why this bug was not spotted by the
community before.</div>
<div><br>
</div>
<div><span style="font-size: 10pt;">Just to clarify, this fix is
in relation to this post:</span><br>
</div>
<div><a class="moz-txt-link-freetext" href="http://lists.sip-router.org/pipermail/sr-dev/2014-February/022934.html">http://lists.sip-router.org/pipermail/sr-dev/2014-February/022934.html</a></div>
<div><br>
</div>
<div><span style="font-size: 10pt;">Please take into
consideration the attached patch provided by the Libon Voice
Team.</span><br>
</div>
<div><br>
</div>
<div>Regards,</div>
<div>Dragos Oancea</div>
<div><br>
</div>
</div>
<br>
<pre wrap="">_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla - <a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a></pre>
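<br>
<div>The loop pattern described in the quoted report, next to a form that reads the successor before the node is released, as an added C example that is not Kamailio code and not the patch applied in this thread. The names contact_t, delete_contact, purge_unsafe, purge_safe and demo are hypothetical, and the "free" is simulated (memory stays mapped, next is overwritten) so the stale read can be counted instead of crashing.</div>

```c
#include <stddef.h>
/* Hypothetical stand-in for a contact record in shared memory. */
typedef struct contact { struct contact *next; int freed; } contact_t;
static int stale_reads; /* reads of ->next through an already freed node */

/* Toy delete: unlink, then "free". The memory stays mapped so the demo is
 * deterministic; clearing next simulates another process reusing the chunk. */
static void delete_contact(contact_t **head, contact_t *c) {
    contact_t **pp = head;
    while (*pp && *pp != c) pp = &(*pp)->next;
    if (*pp) *pp = c->next;
    c->freed = 1; c->next = NULL;
}

static contact_t *next_of(contact_t *c) {
    if (c->freed) stale_reads++;
    return c->next;
}

/* Pattern from the report: ptr0 aliases ptr, so next is read after the free. */
int purge_unsafe(contact_t **head, contact_t *keep) {
    contact_t *ptr = *head, *ptr0;
    for (stale_reads = 0; ptr; ptr = next_of(ptr0)) {
        ptr0 = ptr;
        if (ptr != keep) delete_contact(head, ptr);
    }
    return stale_reads;
}

/* Hardened form: capture the successor before the node can be released. */
int purge_safe(contact_t **head, contact_t *keep) {
    contact_t *ptr = *head, *nxt;
    for (stale_reads = 0; ptr; ptr = nxt) {
        nxt = next_of(ptr);
        if (ptr != keep) delete_contact(head, ptr);
    }
    return stale_reads;
}

/* Constructed 4-entry list, entry 2 is kept. Returns the stale-read count,
 * or the number of entries still linked when want_left is nonzero. */
int demo(int safe, int want_left) {
    contact_t n[4] = {{0}}, *head = &n[0];
    int i, left = 0, stale;
    for (i = 0; i < 3; i++) n[i].next = &n[i + 1];
    stale = safe ? purge_safe(&head, &n[2]) : purge_unsafe(&head, &n[2]);
    for (; head; head = head->next) left++;
    return want_left ? left : stale;
}
```

<div>In the unsafe variant the first deletion already leaves the traversal reading a freed node, so the walk stops early and three entries remain linked; the safe variant performs no stale read and leaves only the kept entry.</div>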
</body>
</html>