[sr-dev] Segfault in pua_dialoginfo
Daniel-Constantin Mierla
miconda at gmail.com
Fri Jan 9 15:10:17 CET 2015
Hello,
looks like you are right, feel free to commit the fix.
Cheers,
Daniel
On 08/01/15 22:12, Charles Chance wrote:
> Hello,
>
> I am investigating a crash which is happening since:
>
> commit 0c11f4f9c235bf791ac39446c293483462a99354
> Author: Daniel-Constantin Mierla <miconda at gmail.com>
> Date: Mon Dec 29 22:26:46 2014 +0100
>
> pua_dialoginfo: load dialogs for dialoginfo event upon restart
>
> - based on a patch by Kristian Høgh, FS#360
>
>
>
> The problem appears to be that in this function of pua_dialoginfo.c...
>
>
> static void
> __dialog_created(struct dlg_cell *dlg, int type, struct dlg_cb_params *_params)
> {
>     struct sip_msg *request = _params->req;
>     struct dlginfo_cell *dlginfo;
>
>     if (request->REQ_METHOD != METHOD_INVITE)
>         return;
>
>     if(send_publish_flag > -1 && !(request->flags & (1<<send_publish_flag)))
>         return;
>
>     LM_DBG("new INVITE dialog created: from=%.*s\n",
>             dlg->from_uri.len, dlg->from_uri.s);
>
>     dlginfo=get_dialog_data(dlg, type);
>     if(dlginfo==NULL)
>         return;
>
>     dialog_publish_multi("Trying", dlginfo->pubruris_caller,
>             &(dlg->from_uri),
>             (include_req_uri)?&(dlg->req_uri):&(dlg->to_uri),
>             &(dlg->callid), 1, dlginfo->lifetime,
>             0, 0, 0, 0, (send_publish_flag==-1)?1:0);
>     free_dlginfo_cell(dlginfo);
> }
>
>
> ...dlginfo is freed, but is still being referenced in the callback
> registered here...
>
>
> struct dlginfo_cell* get_dialog_data(struct dlg_cell *dlg, int type)
> {
>     ...
>     /* register dialog callbacks which triggers sending PUBLISH */
>     if (dlg_api.register_dlgcb(dlg,
>             DLGCB_FAILED | DLGCB_CONFIRMED_NA | DLGCB_TERMINATED
>             | DLGCB_EXPIRED | DLGCB_REQ_WITHIN | DLGCB_EARLY,
>             __dialog_sendpublish, dlginfo, free_dlginfo_cell) != 0) {
>         LM_ERR("cannot register callback for interesting dialog types\n");
>         free_dlginfo_cell(dlginfo);
>         return NULL;
>     }
>     ...
>     return(dlginfo);
> }
>
>
>
> Can the freeing of this structure simply be left up to the dialog
> module when the dialog is eventually destroyed?
>
> All the best,
> Charles
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
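
The ownership problem discussed in this thread, as an added example that is not part of the original messages and is not Kamailio code: a parameter registered together with a free function belongs to the dialog, so a second release by the creating callback leaves later callbacks with a stale pointer. All names here (cell, dlg, dlg_register, dlg_fire, dlg_destroy, run_dialog) are hypothetical, and a static pool stands in for the real allocator so the fault can be counted safely.

```c
#include <stddef.h>

/* Hypothetical model, not Kamailio's API. A static pool makes a stale
 * pointer observable without undefined behaviour. */
struct cell { int in_use; };
typedef void (*cell_free_fn)(struct cell *);
struct dlg { struct cell *param; cell_free_fn param_free; };

static struct cell pool[4];
static int double_frees, stale_uses;

static struct cell *cell_new(void) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;
}
static void cell_free(struct cell *c) {
    if (!c->in_use) { double_frees++; return; }  /* second release */
    c->in_use = 0;
}
/* Registering with a free function hands ownership to the dialog. */
static void dlg_register(struct dlg *d, struct cell *c, cell_free_fn f) {
    d->param = c; d->param_free = f;
}
/* A later dialog event: the callback reads its parameter. */
static void dlg_fire(struct dlg *d) {
    if (!d->param->in_use) stale_uses++;          /* use after release */
}
/* Teardown: the owner releases the parameter exactly once. */
static void dlg_destroy(struct dlg *d) {
    if (d->param_free) d->param_free(d->param);
    d->param = NULL;
}
/* One dialog lifetime. caller_frees=1 mirrors the quoted __dialog_created;
 * 0 leaves release to teardown. Returns stale uses + double frees. */
int run_dialog(int caller_frees) {
    struct dlg d = {0};
    struct cell *c = cell_new();
    if (c == NULL) return -1;
    double_frees = stale_uses = 0;
    dlg_register(&d, c, cell_free);
    if (caller_frees) cell_free(c);    /* creator frees what it no longer owns */
    dlg_fire(&d);
    dlg_destroy(&d);
    return stale_uses + double_frees;
}
int main(void) { return run_dialog(1) == 2 && run_dialog(0) == 0 ? 0 : 1; }
```
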