Browse code

core: skip abort() in free_lump() for LUMPFLAG_DUPED

- the LUMPFLAG_DUPED is set when duplicating lumps list for branch route
execution, but some functions such as set_body() may want to clean them
- report and minimal reproducing config by Henning Westerholt

(cherry picked from commit 57ee97f52dd90c86743b6fd6dd682285ef994e80)

Daniel-Constantin Mierla authored on 09/09/2020 13:33:18 • Henning Westerholt committed on 09/09/2020 14:43:01
Showing 1 changed files
... ...
@@ -452,14 +452,17 @@ struct lump* anchor_lump2(struct sip_msg* msg, int offset, int len,
452 452
 }
453 453
 
454 454
 
455
+/**
456
+ * free lump content
457
+ */
455 458
 void free_lump(struct lump* lmp)
456 459
 {
457
-	if (lmp && (lmp->op==LUMP_ADD)){
458
-		if (lmp->u.value){
459
-			if (lmp->flags &(LUMPFLAG_DUPED|LUMPFLAG_SHMEM)){
460
+	if (lmp && (lmp->op==LUMP_ADD)) {
461
+		if (lmp->u.value) {
462
+			if (lmp->flags & LUMPFLAG_SHMEM) {
460 463
 				LM_CRIT("non free-able lump: %p flags=%x\n", lmp, lmp->flags);
461 464
 				abort();
462
-			}else{
465
+			} else if(!(lmp->flags & LUMPFLAG_DUPED)) {
463 466
 				pkg_free(lmp->u.value);
464 467
 				lmp->u.value=0;
465 468
 				lmp->len=0;