Looking quickly at the final patch, there seems to be a race that can happen between building the list of matching dialogs and using the items in the list to push to xavps or to rpc output. The slots in the dialog hash table are released after it was walked and matching dialogs were linked in the matching list. It can take time till other slots are walked for matching other dialogs and during that time some dialogs in the previous slots can be destroyed (e.g., bye or timeout). This is one example, but dialogs might be destroyed also during the walk of matching list to convert it to xavp or rpc output.

The clone to xavp or printing to rpc output should happen when the slot of the matching dialog is acquired and before it is released again. If the lock is released after linking to matching list and then re-acquired for cloning to xavp or printing to rpc, then such races can happen and dlg field in matching list may point to invalid memory address.
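The two patterns contrasted in the comment, as an added C model that is not Kamailio's dialog code: a hash table with per-slot mutexes, where `racy_collect` links dialog pointers and releases the slot before they are consumed, while `safe_collect` clones the fields the output needs while the slot lock is still held. The type names, the single-entry slots and the call-id are constructed for the demo.

```c
/* Constructed model of the race (not Kamailio code): per-slot locks, a walk that links matching dialogs, a destroy (BYE/timeout) between walk and use. */
#include <pthread.h>
#include <string.h>
#define NSLOTS 2
typedef struct dlg { char callid[32]; int alive; struct dlg *next; } dlg_t;
typedef struct { pthread_mutex_t lock; dlg_t *head; } slot_t;
typedef struct { char callid[32]; } dlg_copy_t;   /* fields cloned while the slot lock is held */
static slot_t table[NSLOTS] = { { PTHREAD_MUTEX_INITIALIZER, NULL }, { PTHREAD_MUTEX_INITIALIZER, NULL } };
static void dlg_link(int s, dlg_t *d) {
    pthread_mutex_lock(&table[s].lock);
    d->alive = 1; d->next = table[s].head; table[s].head = d;
    pthread_mutex_unlock(&table[s].lock);
}
/* Marks the dialog dead instead of freeing it so the demo stays well defined; real code frees,
 * which turns a stale list pointer into a use-after-free. Slots hold one entry in this demo. */
static void dlg_destroy(int s, dlg_t *d) {
    pthread_mutex_lock(&table[s].lock);
    table[s].head = d->next; d->alive = 0;
    pthread_mutex_unlock(&table[s].lock);
}
/* Racy pattern: keep pointers to matching dialogs, release the slot, use them later. */
static int racy_collect(dlg_t **out, int max) {
    int n = 0;
    for (int s = 0; s < NSLOTS; s++) {
        pthread_mutex_lock(&table[s].lock);
        for (dlg_t *d = table[s].head; d && n < max; d = d->next) out[n++] = d;
        pthread_mutex_unlock(&table[s].lock);   /* out[] now points at memory nobody protects */
    }
    return n;
}
/* Safe pattern: clone what the xavp/rpc output needs while the slot is still held. */
static int safe_collect(dlg_copy_t *out, int max) {
    int n = 0;
    for (int s = 0; s < NSLOTS; s++) {
        pthread_mutex_lock(&table[s].lock);
        for (dlg_t *d = table[s].head; d && n < max; d = d->next)
            memcpy(out[n++].callid, d->callid, sizeof d->callid);
        pthread_mutex_unlock(&table[s].lock);
    }
    return n;
}
/* Walk, then a BYE destroys the dialog, then the result is consumed. Returns 1 when the racy
 * list reaches a dead dialog, 0 otherwise; the call-id as consumed is written to seen. */
int race_demo(int use_safe_pattern, char *seen) {
    static dlg_t a; dlg_t *ptrs[4]; dlg_copy_t copies[4];
    for (int s = 0; s < NSLOTS; s++) table[s].head = NULL;
    strcpy(a.callid, "call-1@example.invalid"); dlg_link(0, &a);
    int n = use_safe_pattern ? safe_collect(copies, 4) : racy_collect(ptrs, 4);
    dlg_destroy(0, &a);                              /* lands between walk and use */
    if (use_safe_pattern) { strcpy(seen, copies[0].callid); return 0; }
    strcpy(seen, ptrs[0]->callid);                   /* stale: dialog already destroyed */
    return n > 0 && !ptrs[0]->alive;
}
```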


Message ID: <kamailio/kamailio/pull/3005/c1033434194@github.com>