Hello,
I am investigating a crash which has been happening since:

commit 0c11f4f9c235bf791ac39446c293483462a99354
Author: Daniel-Constantin Mierla miconda@gmail.com
Date: Mon Dec 29 22:26:46 2014 +0100

    pua_dialoginfo: load dialogs for dialoginfo event upon restart
    - based on a patch by Kristian Høgh, FS#360

The problem appears to be that in this function of pua_dialoginfo.c...

static void
__dialog_created(struct dlg_cell *dlg, int type, struct dlg_cb_params *_params)
{
    struct sip_msg *request = _params->req;
    struct dlginfo_cell *dlginfo;

    if (request->REQ_METHOD != METHOD_INVITE)
        return;

    if(send_publish_flag > -1 && !(request->flags & (1<<send_publish_flag)))
        return;

    LM_DBG("new INVITE dialog created: from=%.*s\n",
            dlg->from_uri.len, dlg->from_uri.s);

    dlginfo=get_dialog_data(dlg, type);
    if(dlginfo==NULL)
        return;

    dialog_publish_multi("Trying", dlginfo->pubruris_caller,
            &(dlg->from_uri),
            (include_req_uri)?&(dlg->req_uri):&(dlg->to_uri),
            &(dlg->callid), 1, dlginfo->lifetime,
            0, 0, 0, 0, (send_publish_flag==-1)?1:0);
    free_dlginfo_cell(dlginfo);
}

...dlginfo is freed, but is still being referenced in the callback registered here...

struct dlginfo_cell* get_dialog_data(struct dlg_cell *dlg, int type)
{
    ...
    /* register dialog callbacks which triggers sending PUBLISH */
    if (dlg_api.register_dlgcb(dlg,
            DLGCB_FAILED| DLGCB_CONFIRMED_NA | DLGCB_TERMINATED |
            DLGCB_EXPIRED | DLGCB_REQ_WITHIN | DLGCB_EARLY,
            __dialog_sendpublish, dlginfo, free_dlginfo_cell) != 0) {
        LM_ERR("cannot register callback for interesting dialog types\n");
        free_dlginfo_cell(dlginfo);
        return NULL;
    }
    ...
    return(dlginfo);
}

Can the freeing of this structure simply be left up to the dialog module when the dialog is eventually destroyed?
All the best,
Charles
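
A minimal C model of the ownership problem described in the message above, added here as an illustration (not Kamailio code and not part of the original post). `struct info`, `register_cb`, `fire_cb` and `destroy` are hypothetical stand-ins, and the model assumes the registered free function runs once when the dialog is destroyed; freeing is modelled with a flag so the stale read and the second free can be counted without undefined behaviour.

```c
#include <stdio.h>

/* Hypothetical stand-ins for dlginfo_cell and the dialog's callback slot. */
struct info { int lifetime; int freed; };
typedef void (*free_f)(struct info *);
struct dialog { struct info *param; free_f on_destroy; };
static int stale_reads, double_frees;

/* Models free_dlginfo_cell: a flag is set instead of releasing memory. */
static void info_free(struct info *i) {
    if (i->freed) double_frees++;
    i->freed = 1;
}

/* Assumption: on success the dialog owns param and frees it at destroy time. */
static int register_cb(struct dialog *d, struct info *i, free_f f) {
    if (d->param) return -1;
    d->param = i; d->on_destroy = f;
    return 0;
}

/* A later dialog event (confirmed, terminated, ...) reads the stored param. */
static void fire_cb(struct dialog *d) {
    if (d->param && d->param->freed) stale_reads++;
}

static void destroy(struct dialog *d) {
    if (d->on_destroy) d->on_destroy(d->param);
    d->param = NULL; d->on_destroy = NULL;
}

/* creator_frees=1 mirrors the reported pattern; 0 leaves the free to destroy(). */
static int run_lifecycle(int creator_frees) {
    struct info cell = { 3600, 0 };   /* constructed sample value */
    struct dialog dlg = { NULL, NULL };
    stale_reads = double_frees = 0;
    if (register_cb(&dlg, &cell, info_free) != 0) {
        info_free(&cell);             /* registration failed: creator still owns it */
        return -1;
    }
    if (creator_frees) info_free(&cell);
    fire_cb(&dlg);
    destroy(&dlg);
    return stale_reads + double_frees;
}

int main(void) {
    printf("faults: %d vs %d\n", run_lifecycle(1), run_lifecycle(0));
    return 0;
}
```

In the model, freeing in the creator produces one stale read in the later callback plus one double free at destroy time; leaving the free to the registered destructor produces neither.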