Re: [sr-dev] [kamailio/kamailio] ims_usrloc_scscf: bugfix Contct is removed when old Contct expires (#1547)

Hi @christoph-v Good fix...i see it's revealing another two potential issues on remove_impucontact_from_list same file (impurecord.c); 1) tail->next is not nullified on removing last impucontact--hence second last will still point to the "just-removed" impucontact 2) contact removal in mid list seems to have swapped fields on both sides of equal sign Please see below possible fix: int remove_impucontact_from_list(impurecord_t* impu, impu_contact_t *impucontact) { ucontact_t* contact = impucontact->contact; if (/*contact - removed*/ impucontact == impu->linked_contacts.head /*->contact - removed */) { LM_DBG("deleting head\n"); impu->linked_contacts.head = impu->linked_contacts.head->next; } else if (/*contact*/ impucontact== impu->linked_contacts.tail/*->contact*/) { LM_DBG("deleting tail prev %p next %p\n",impu->linked_contacts.tail->prev, impu->linked_contacts.tail->next); impu->linked_contacts.tail = impu->linked_contacts.tail->prev; impu->linked_contacts.tail->next = 0; /* Nullified end of list*/ } else { LM_DBG("deleting mid list prev %p next %p\n", impucontact->prev, impucontact->next); impucontact->prev->next = impucontact->next; /*impucontact->prev = impucontact->next->prev; removed ---- seems to be small swap-around error*/ impucontact->next->prev = impucontact->prev; /* Added */ } impu->linked_contacts.numcontacts--; if (impucontact->contact->is_3gpp) impu->linked_contacts.num3gppcontacts--; LM_DBG("REMOVED impu_contact %p for contact %p\n",impucontact, contact); shm_free(impucontact); return 0; } -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1547#issuecomment-395767031