Hello,
I am investigating a crash which is happening since:
commit 0c11f4f9c235bf791ac39446c293483462a99354
Date: Mon Dec 29 22:26:46 2014 +0100
pua_dialoginfo: load dialogs for dialoginfo event upon
restart
- based on a patch by Kristian Høgh, FS#360
The problem appears to be that in this function of
pua_dialoginfo.c...
static void
__dialog_created(struct dlg_cell *dlg, int type, struct
dlg_cb_params *_params)
{
struct sip_msg *request = _params->req;
struct dlginfo_cell *dlginfo;
if (request->REQ_METHOD != METHOD_INVITE)
return;
if(send_publish_flag > -1 &&
!(request->flags & (1<<send_publish_flag)))
return;
LM_DBG("new INVITE dialog created: from=%.*s\n",
dlg->from_uri.len, dlg->from_uri.s);
dlginfo=get_dialog_data(dlg, type);
if(dlginfo==NULL)
return;
dialog_publish_multi("Trying",
dlginfo->pubruris_caller,
&(dlg->from_uri),
(include_req_uri)?&(dlg->req_uri):&(dlg->to_uri),
&(dlg->callid), 1,
dlginfo->lifetime,
0, 0, 0, 0,
(send_publish_flag==-1)?1:0);
free_dlginfo_cell(dlginfo);
}
...dlginfo is freed, but is still being referenced in the
callback registered here...
struct dlginfo_cell* get_dialog_data(struct dlg_cell *dlg,
int type)
{
...
/* register dialog callbacks which triggers sending
PUBLISH */
if (dlg_api.register_dlgcb(dlg,
DLGCB_FAILED|
DLGCB_CONFIRMED_NA | DLGCB_TERMINATED
| DLGCB_EXPIRED |
DLGCB_REQ_WITHIN | DLGCB_EARLY,
__dialog_sendpublish,
dlginfo, free_dlginfo_cell) != 0) {
LM_ERR("cannot register callback for
interesting dialog types\n");
free_dlginfo_cell(dlginfo);
return NULL;
}
...
return(dlginfo);
}
Can the freeing of this structure simply be left up to the
dialog module when the dialog is eventually destroyed?
All the best,
Charles