On Mon, Mar 10, 2014 at 3:31 PM, Daniel-Constantin Mierla <miconda@gmail.com> wrote:

Hello,

the condition to do pkg_free() or not for msg->path_vec.s doesn't seem correct. You check if path_vec.s points inside SIP message buffer, but that doesn't happen at all. Path vector is taken from usrloc record in cloned in pkg for sip_msg structure.

Did I misunderstand something?

Cheers,
Daniel

On 10/03/14 13:39, Jason Penton wrote:

Module: sip-router
Branch: master
Commit: f15de29015546d173a1d3135f90653e05d85171f
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=f15de29015546d173a1d3135f90653e05d85171f

Author: Jason Penton <jason.penton@gmail.com>
Committer: Jason Penton <jason.penton@gmail.com>
Date: Mon Mar 10 14:38:51 2014 +0200

modules/corex: only free path_vector from pkg if it is still in pkg... not shm cloned
- related to earlier commit 4ab0f53ff247f411dde7b88d5b7d82fc7e17baa9

---

modules/corex/corex_lib.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/modules/corex/corex_lib.c b/modules/corex/corex_lib.c
index 9d926c2..f83352b 100644
--- a/modules/corex/corex_lib.c
+++ b/modules/corex/corex_lib.c
@@ -84,7 +84,8 @@ int corex_append_branch(sip_msg_t *msg, gparam_t *pu, gparam_t *pq)
msg->dst_uri.s = 0;
msg->dst_uri.len = 0;
if(msg->path_vec.s!=0)
- pkg_free(msg->path_vec.s);
+ if (likely(msg->path_vec.s >= msg->buf && (msg->path_vec.s < (msg->buf + msg->len))))
+ pkg_free(msg->path_vec.s);
msg->path_vec.s = 0;
msg->path_vec.len = 0;
}

_______________________________________________
sr-dev mailing list
sr-dev@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev

--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference - April 2-4, 2014, Berlin, Germany
http://www.kamailioworld.com