Browse code

core: skip abort() in free_lump() for LUMPFLAG_DUPED

- the LUMPFLAG_DUPED is set when duplicating lumps list for branch route
execution, but some functions such as set_body() may want to clean them
- report and minimal reproducing config by Henning Westerholt

(cherry picked from commit 57ee97f52dd90c86743b6fd6dd682285ef994e80)

Daniel-Constantin Mierla authored on 09/09/2020 13:33:18 • Henning Westerholt committed on 09/09/2020 14:42:25
Showing 1 changed files
... ...
@@ -456,14 +456,17 @@ struct lump* anchor_lump2(struct sip_msg* msg, int offset, int len,
456 456
 }
457 457
 
458 458
 
459
+/**
460
+ * free lump content
461
+ */
459 462
 void free_lump(struct lump* lmp)
460 463
 {
461
-	if (lmp && (lmp->op==LUMP_ADD)){
462
-		if (lmp->u.value){
463
-			if (lmp->flags &(LUMPFLAG_DUPED|LUMPFLAG_SHMEM)){
464
+	if (lmp && (lmp->op==LUMP_ADD)) {
465
+		if (lmp->u.value) {
466
+			if (lmp->flags & LUMPFLAG_SHMEM) {
464 467
 				LM_CRIT("non free-able lump: %p flags=%x\n", lmp, lmp->flags);
465 468
 				abort();
466
-			}else{
469
+			} else if(!(lmp->flags & LUMPFLAG_DUPED)) {
467 470
 				pkg_free(lmp->u.value);
468 471
 				lmp->u.value=0;
469 472
 				lmp->len=0;