8 Jan
2015
8 Jan
'15
9:12 p.m.
Hello,
I am investigating a crash which is happening since:
commit 0c11f4f9c235bf791ac39446c293483462a99354
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: Mon Dec 29 22:26:46 2014 +0100
pua_dialoginfo: load dialogs for dialoginfo event upon restart
- based on a patch by Kristian Høgh, FS#360
The problem appears to be that in this function of pua_dialoginfo.c...
static void
__dialog_created(struct dlg_cell *dlg, int type, struct dlg_cb_params
*_params)
{
struct sip_msg *request = _params->req;
struct dlginfo_cell *dlginfo;
if (request->REQ_METHOD != METHOD_INVITE)
return;
if(send_publish_flag > -1 && !(request->flags &
(1<<send_publish_flag)))
return;
LM_DBG("new INVITE dialog created: from=%.*s\n", dlg->from_uri.len,
dlg->from_uri.s);
dlginfo=get_dialog_data(dlg, type);
if(dlginfo==NULL)
return;
dialog_publish_multi("Trying", dlginfo->pubruris_caller,
&(dlg->from_uri),
(include_req_uri)?&(dlg->req_uri):&(dlg->to_uri),
&(dlg->callid), 1, dlginfo->lifetime,
0, 0, 0, 0, (send_publish_flag==-1)?1:0);
free_dlginfo_cell(dlginfo);
}
...dlginfo is freed, but is still being referenced in the callback
registered here...
struct dlginfo_cell* get_dialog_data(struct dlg_cell *dlg, int type)
{
...
/* register dialog callbacks which triggers sending PUBLISH */
if (dlg_api.register_dlgcb(dlg,
DLGCB_FAILED| DLGCB_CONFIRMED_NA |
DLGCB_TERMINATED
| DLGCB_EXPIRED | DLGCB_REQ_WITHIN |
DLGCB_EARLY,
__dialog_sendpublish, dlginfo,
free_dlginfo_cell) != 0) {
LM_ERR("cannot register callback for interesting dialog
types\n");
free_dlginfo_cell(dlginfo);
return NULL;
}
...
return(dlginfo);
}
Can the freeing of this structure simply be left up to the dialog module
when the dialog is eventually destroyed?
All the best,
Charles
--
www.sipcentric.com
Follow us on twitter @sipcentric <http://twitter.com/sipcentric>
Sipcentric Ltd. Company registered in England & Wales no. 7365592. Registered
office: Faraday Wharf, Innovation Birmingham Campus, Holt Street,
Birmingham Science Park, Birmingham B7 4BB.