[sr-dev] dlg_handlers.c BUG or missing initialization

Torben Friese contact at derfriese.com
Wed Feb 10 12:31:34 CET 2010


Hi all,

We had problems with some callback functions. The problem is isolated to
the unref_new_dialog function in dlg_handlers.c.

If the whole tmcb_params structure is not initialized, we run into
segfaults in later usage.


Here is a patch for this problem ("inspired" by OpenSIPS code):


@@ -417,7 +420,7 @@
 void unref_new_dialog(void *dialog)
 {
 	struct tmcb_params p;
-
+	memset(&p, 0, sizeof(struct tmcb_params));
 	p.param = (void*)&dialog;
 	dlg_onreply(0, TMCB_TRANS_DELETED, &p);
 }
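
Review bot: the memset added at the top of unref_new_dialog takes the place of the blank line that separated the declaration from the statements, and it spells the type out a second time. Keep the blank line after `struct tmcb_params p;` and write `memset(&p, 0, sizeof(p));` so the size follows the variable if its type ever changes. A one-line comment stating that only `param` is set before the call to dlg_onreply would record why the zeroing is needed.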


Below is the whole patch for the dlg_handlers.c file; the second thing
is an extra control part for FAKED_REPLYs in the dlg_onreply function.

I hope this is useful.

Best regards

Torben Friese
 



Index: modules/dialog/dlg_handlers.c
===================================================================
--- modules/dialog/dlg_handlers.c	(revision 5983)
+++ modules/dialog/dlg_handlers.c	(working copy)
@@ -280,24 +280,27 @@
 	if (new_state==DLG_STATE_CONFIRMED_NA &&
 	old_state!=DLG_STATE_CONFIRMED_NA && old_state!=DLG_STATE_CONFIRMED )
{
 		LM_DBG("dialog %p confirmed\n",dlg);
-
-		/* get to tag*/
-		if ( !rpl->to && ((parse_headers(rpl, HDR_TO_F,0)<0) || !rpl->to) ) {
-			LM_ERR("bad reply or missing TO hdr :-/\n");
-			tag.s = 0;
-			tag.len = 0;
-		} else {
-			tag = get_to(rpl)->tag_value;
-			if (tag.s==0 || tag.len==0) {
-				LM_ERR("missing TAG param in TO hdr :-/\n");
+		if (rpl != FAKED_REPLY) {
+			/* get to tag*/
+			if ( !rpl->to && ((parse_headers(rpl, HDR_TO_F,0)<0) || !rpl->to) )
{
+				LM_ERR("bad reply or missing TO hdr :-/\n");
 				tag.s = 0;
 				tag.len = 0;
+			} else {
+				tag = get_to(rpl)->tag_value;
+				if (tag.s==0 || tag.len==0) {
+					LM_ERR("missing TAG param in TO hdr :-/\n");
+					tag.s = 0;
+					tag.len = 0;
+				}
 			}
-		}
 
-		/* save callee's tag, cseq, contact and record route*/
-		if (populate_leg_info( dlg, rpl, t, DLG_CALLEE_LEG, &tag) !=0) {
-			LM_ERR("could not add further info to the dialog\n");
+			/* save callee's tag, cseq, contact and record route*/
+			if (populate_leg_info( dlg, rpl, t, DLG_CALLEE_LEG, &tag) !=0) {
+				LM_ERR("could not add further info to the dialog\n");
+			}
+		} else {
+			LM_ERR("Faked reply!\n");
 		}
 
 		/* set start time */
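
Review bot: in the new `else` branch for a faked reply, populate_leg_info() is skipped but execution still falls through to the "set start time" code, so the dialog is treated as confirmed without the callee's tag, cseq, contact and record route that the comment says are saved here. Either leave the confirmed handling early for a faked reply or add a comment explaining why a confirmed dialog without callee leg info is acceptable. The message "Faked reply!" at LM_ERR level carries no context; include `dlg` as the LM_DBG line above does. Two lines were also wrapped by the mailer (the bare `{` after `old_state!=DLG_STATE_CONFIRMED )` and after the parse_headers condition), so the patch will not apply as posted; resending it as an attachment avoids that.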
@@ -417,7 +420,7 @@
 void unref_new_dialog(void *dialog)
 {
 	struct tmcb_params p;
-
+	memset(&p, 0, sizeof(struct tmcb_params));
 	p.param = (void*)&dialog;
 	dlg_onreply(0, TMCB_TRANS_DELETED, &p);
 }
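
Review bot: once `p` is zeroed in unref_new_dialog, every member other than `param` reaches dlg_onreply as 0, not as FAKED_REPLY. If dlg_onreply takes `rpl` from this structure, the `rpl != FAKED_REPLY` guard added in the hunk above would let that null pointer through to `rpl->to`; test for both values there, or confirm that the TMCB_TRANS_DELETED path returns before that code is reached.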



