Crash in pdb module #1985

Closed
miconda opened this issue Jun 18, 2019 · 4 comments
@miconda
Member

miconda commented Jun 18, 2019

Description

Investigating a report on a Kamailio crash, it led to pdb module, with the following backtrace:

#0  0x0000000000000000 in ?? ()
#1  0x00007f870472fa33 in vfprintf () from /lib64/libc.so.6
#2  0x00007f87047562bb in vsprintf () from /lib64/libc.so.6
#3  0x00007f8704738457 in sprintf () from /lib64/libc.so.6
#4  0x00007f86f881c6f9 in pdb_msg_dbg (msg=..., dbg_msg=0x7f86f8828313 "Kamailio pdb client receives:") at pdb.c:152
#5  0x00007f86f88204e4 in pdb_query (_msg=0x7f8700fae068, _number=0x7f8700fa2e88, _dstavp=0x7f8700fa2f10) at pdb.c:335
#6  0x000000000047b72c in do_action (h=0x7ffeb03d10e0, a=0x7f8700abf678, msg=0x7f8700fae068) at core/action.c:1079
#7  0x0000000000487e70 in run_actions (h=0x7ffeb03d10e0, a=0x7f8700abf678, msg=0x7f8700fae068) at core/action.c:1569
#8  0x0000000000488531 in run_actions_safe (h=0x7ffeb03d3180, a=0x7f8700abf678, msg=0x7f8700fae068) at core/action.c:1633
#9  0x0000000000447f40 in rval_get_int (h=0x7ffeb03d3180, msg=0x7f8700fae068, i=0x7ffeb03d18b0, rv=0x7f8700ac0148, cache=0x0) at core/rvalue.c:912
#10 0x000000000044c4f0 in rval_expr_eval_int (h=0x7ffeb03d3180, msg=0x7f8700fae068, res=0x7ffeb03d18b0, rve=0x7f8700ac0140) at core/rvalue.c:1910

Looking at the data in frame 4, it looks like an empty (0-ed) pdb structure is printed:

(gdb) frame 4
#4  0x00007f86f881c6f9 in pdb_msg_dbg (msg=..., dbg_msg=0x7f86f8828313 "Kamailio pdb client receives:") at pdb.c:152
152	        ptr += sprintf(ptr,"%02X ", msg.bdy.payload[i]);
(gdb) p i
$1 = 263
(gdb) p msg
$2 = {hdr = {version = 0 '\000', type = 0 '\000', code = 0 '\000', length = 0 '\000', id = 0}, bdy = {payload = '\000' <repeats 248 times>}}
(gdb) p msg.hdr.length
$3 = 0 '\000'

I just pushed commit 3c07e23 for a safety check, but not being the developer of the module, I am not sure it is supposed to deal with a 0-ed pdb structure, or the issue is somewhere else, leading to this 0-only structure content.

Therefore I am opening this one for further analysis; if the commit above is enough, just close the issue.

Troubleshooting

Reproduction

Try to send traffic to a config using pdb matching PDB_VERSION_1.

Debugging Data

gdb backtrace above

Log Messages

N/A

SIP Traffic

N/A

Possible Solutions

Additional Information

  • Kamailio Version - output of kamailio -v
kamailio -v
version: kamailio 5.2.3 (x86_64/linux) c36229
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: c36229
compiled on 10:34:54 Jun 13 2019 with gcc 4.8.5
  • Operating System:
CentOS 7 with Kamailio installed from RPM (using opensuse build service repo)
@lbalaceanu
Contributor

Thank you, looking into this.

@lbalaceanu
Contributor

lbalaceanu commented Jun 24, 2019

Hi @miconda, can you please give more info as to how the coredump was obtained? I mean on the server side? I think that the only way one can get there is mixing a version "0" utils/pdbt server with a version 1 kamailio pdb client.
Thank you

@lbalaceanu
Contributor

Issue seems to appear only when mixing v0 server and v1 client. Closing bug as your fixes are enough.

@miconda
Member Author

miconda commented Jun 27, 2019

@miconda - indeed, I asked yesterday further about such case and it seems it was a mixed version server-client. Thanks for looking into it.
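
A length check for the hex dump discussed in this thread, as an added example that is neither Kamailio's code nor the content of commit 3c07e23. The struct layout is reconstructed from the gdb print with the width of `id` assumed, the `_ex` names are hypothetical, and the unchecked bound in `naive_bound_ex` is an assumption about how `i` could run past the 248-byte payload when `hdr.length` is 0.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_MAX 248 /* payload size shown in the gdb dump */
/* Assumed layout modelled on the gdb print; the width of id is a guess. */
struct pdb_hdr_ex { uint8_t version, type, code, length; uint16_t id; };
struct pdb_msg_ex { struct pdb_hdr_ex hdr; uint8_t payload[PAYLOAD_MAX]; };

/* Assumed unchecked loop bound: the subtraction is done in size_t, so a
 * length of 0 wraps to a huge value instead of going negative. */
size_t naive_bound_ex(const struct pdb_msg_ex *m) { return m->hdr.length - sizeof(m->hdr); }

/* Payload byte count implied by hdr.length, or -1 if it cannot be trusted. */
int pdb_payload_len_ex(const struct pdb_msg_ex *m)
{
    size_t total = m->hdr.length;
    if (total < sizeof(m->hdr))                /* zeroed header lands here */
        return -1;
    if (total - sizeof(m->hdr) > PAYLOAD_MAX)  /* claims more than the buffer holds */
        return -1;
    return (int)(total - sizeof(m->hdr));
}

/* Hex-dump the payload into out; returns chars written, -1 on reject. */
int pdb_hex_dump_ex(const struct pdb_msg_ex *m, char *out, size_t outsz)
{
    int n = pdb_payload_len_ex(m);
    size_t used = 0;
    if (n < 0 || outsz == 0)
        return -1;
    out[0] = '\0';
    for (int i = 0; i < n; i++) {
        int w = snprintf(out + used, outsz - used, "%02X ", m->payload[i]);
        if (w < 0 || (size_t)w >= outsz - used)
            return -1;                         /* output buffer too small */
        used += (size_t)w;
    }
    return (int)used;
}

int main(void)
{
    struct pdb_msg_ex z;                       /* constructed all-zero message */
    char buf[PAYLOAD_MAX * 3 + 1];
    memset(&z, 0, sizeof z);
    printf("naive: %zu checked: %d\n", naive_bound_ex(&z), pdb_hex_dump_ex(&z, buf, sizeof buf));
    return 0;
}
```

Rejecting the message before formatting also covers the mixed-version case the thread settles on, since a reply whose header does not describe itself never reaches the dump loop.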
