[OpenSER-Devel] [ openser-Bugs-1913465 ] dialog from db fixes

SourceForge.net noreply at sourceforge.net
Tue Apr 15 16:39:34 CEST 2008


Bugs item #1913465, was opened at 2008-03-13 08:29
Message generated for change (Comment added) made by osas
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1913465&group_id=139143

Category: modules
Group: ver 1.3.x
Status: Open
Resolution: Accepted
Priority: 5
Private: No
Submitted By: Stanislaw Pitucha (viraptor)
Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: dialog from db fixes

Initial Comment:
Posted in maillist by mistake - reposting:
(Patch made by / please attribute to Ben Smithurst)

@modules/dialog/dlg_db_handler.c:
#define GET_STR_VALUE(_res, _values, _index, _not_null, _unref)\
do{\
	if (VAL_NULL((_values)+ (_index))) { \
		if (_not_null) {\
			if (_unref) unref_dlg(dlg,1);\
			continue; \
		} else { \
			(_res).s = 0; \
			(_res).len = 0; \
		}\
	} else { \
		(_res).s = VAL_STR((_values)+ (_index)).s;\
		(_res).len = strlen(VAL_STR((_values)+ (_index)).s);\
	} \
}while(0);

I guess that "continue" is supposed to skip processing of the dialog in load_dialog_info_from_db(), but it won't really work, because continue only gets out of the do{}while() macro loop - it leaves _res uninitialized and continues processing. Fixed by removing "do" and "while" - GET_STR_VALUE isn't used in a parent "if", so it's safe currently.

Then there's destroy_dlg() @modules/dialog/dlg_hash.c which doesn't handle the dialog timer (if unref_dlg() was run in the previous case) - fixed by adding remove_dlg_timer(&dlg->tl);


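The macro problem described above, as an added stand-alone example (not code from the bug report or from OpenSER): the buggy do{}while(0) shape and the braces-only shape are run over constructed rows, with load_rows(), VAL_NULL/VAL_STR and the row types being stand-ins assumed for this demonstration; a sentinel makes the "never assigned" value observable where the real code would read an uninitialized str.

```c
#include <string.h>

/* Minimal stand-ins for the DB row types (constructed for this example). */
typedef struct { const char *s; int len; } str;
typedef struct { const char *sval; int is_null; } db_val_t;
#define VAL_NULL(v) ((v)->is_null)
#define VAL_STR(v)  ((v)->sval)

/* Shape reported as buggy: 'continue' only leaves the do{}while(0). */
#define GET_STR_VALUE_BUGGY(_res, _values, _index, _not_null)      \
do {                                                               \
    if (VAL_NULL((_values) + (_index))) {                          \
        if (_not_null) { continue; }                               \
        else { (_res).s = 0; (_res).len = 0; }                     \
    } else {                                                       \
        (_res).s = VAL_STR((_values) + (_index));                  \
        (_res).len = (int)strlen(VAL_STR((_values) + (_index)));   \
    }                                                              \
} while (0)

/* Shape after the fix: plain braces, so 'continue' reaches the row loop. */
#define GET_STR_VALUE_FIXED(_res, _values, _index, _not_null)      \
{                                                                  \
    if (VAL_NULL((_values) + (_index))) {                          \
        if (_not_null) { continue; }                               \
        else { (_res).s = 0; (_res).len = 0; }                     \
    } else {                                                       \
        (_res).s = VAL_STR((_values) + (_index));                  \
        (_res).len = (int)strlen(VAL_STR((_values) + (_index)));   \
    }                                                              \
}

/* Constructed result set: row 1 has NULL in a column declared not-null. */
static const db_val_t rows[3][1] = { {{"a@h", 0}}, {{NULL, 1}}, {{"c@h", 0}} };
/* Walks the rows the way a loader loop would. Returns how many rows reach
   the "build dialog" stage; *unset counts those reaching it with the value
   never assigned (the sentinel stands in for the uninitialized str). */
int load_rows(int buggy, int *unset)
{
    int reached = 0; *unset = 0;
    for (int i = 0; i < 3; i++) {
        str callid = { "SENTINEL", -1 };
        if (buggy) GET_STR_VALUE_BUGGY(callid, rows[i], 0, 1);
        else       GET_STR_VALUE_FIXED(callid, rows[i], 0, 1);
        reached++;
        if (callid.len == -1) (*unset)++;   /* bug: row processed with garbage */
    }
    return reached;
}
```

With the buggy macro all three rows reach the build stage and one of them carries the never-assigned value; with the fixed macro the NULL row is skipped.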
----------------------------------------------------------------------

>Comment By: Ovidiu Sas (osas)
Date: 2008-04-15 10:39

Message:

Patch tested ok against #1921630 - dialog: crash in dlg_timer_routine (see
comment from 2008-04-15 10:33).

Thanks and regards,
Ovidiu Sas

----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2008-04-04 09:07

Message:

I see - I will try to review the timer list issue a bit - I tend to agree
that this is somehow related to #1921630.

Thanks and regards,
Bogdan

----------------------------------------------------------------------

Comment By: Stanislaw Pitucha (viraptor)
Date: 2008-03-31 07:20

Message:

I've just noticed bug #1921630 (dialog: crash in dlg_timer_routine) and
problem with overwriting memory looks rather similar (it was also on
dereferencing ->prev (being 0x0, or 0x8)... while whole structure was
really freed before). We've tracked it down using valgrind - it was the
only problem visible during loading, so it's easy to spot if it happens.
I am not sure though, if it was the same function as bug #1921630 crashing
or something else.

----------------------------------------------------------------------

Comment By: Stanislaw Pitucha (viraptor)
Date: 2008-03-31 07:11

Message:

Unfortunately I haven't saved the database from that time, but the patch was
written because openser crashed on startup when loading old dialogs in
db_mode=1 in openser-1.3. After loading and deciding to timeout old
dialogs, it tried to... I'm not sure - call or destroy that timer, even
though the dialog didn't exist anymore (caused memory overwrite on malloc
metadata). We've never seen it happening on an openser that was already
running.
After forcing remove_dlg_timer on destroying the dialog, it started to behave
properly. Also, it was observed only when using the same database for 2 openser
servers, but I don't know which one registered the dialog, or if that made
any difference.

----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2008-03-31 06:26

Message:

Hi Stanislaw,

Regarding the destroy_dlg() - I do not see the reason for this. The dialog
is removed from the timer before calling the destroy function - or maybe I
missed some case(s) ? :)

Regards,
Bogdan

----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2008-03-13 08:47

Message:

Hi Stanislaw,

I will take a look on this asap.

Regards,
Bogdan

----------------------------------------------------------------------
