Hello,
I am investigating a crash which is happening since:
commit 0c11f4f9c235bf791ac39446c293483462a99354 Author: Daniel-Constantin Mierla miconda@gmail.com Date: Mon Dec 29 22:26:46 2014 +0100
pua_dialoginfo: load dialogs for dialoginfo event upon restart
- based on a patch by Kristian Høgh, FS#360
The problem appears to be that in this function of pua_dialoginfo.c...
static void __dialog_created(struct dlg_cell *dlg, int type, struct dlg_cb_params *_params) { struct sip_msg *request = _params->req; struct dlginfo_cell *dlginfo;
if (request->REQ_METHOD != METHOD_INVITE) return;
if(send_publish_flag > -1 && !(request->flags & (1<<send_publish_flag))) return;
LM_DBG("new INVITE dialog created: from=%.*s\n", dlg->from_uri.len, dlg->from_uri.s);
dlginfo=get_dialog_data(dlg, type); if(dlginfo==NULL) return;
dialog_publish_multi("Trying", dlginfo->pubruris_caller, &(dlg->from_uri),
(include_req_uri)?&(dlg->req_uri):&(dlg->to_uri), &(dlg->callid), 1, dlginfo->lifetime, 0, 0, 0, 0, (send_publish_flag==-1)?1:0); free_dlginfo_cell(dlginfo);
}
...dlginfo is freed, but is still being referenced in the callback registered here...
struct dlginfo_cell* get_dialog_data(struct dlg_cell *dlg, int type) { ... /* register dialog callbacks which triggers sending PUBLISH */ if (dlg_api.register_dlgcb(dlg, DLGCB_FAILED| DLGCB_CONFIRMED_NA | DLGCB_TERMINATED | DLGCB_EXPIRED | DLGCB_REQ_WITHIN | DLGCB_EARLY, __dialog_sendpublish, dlginfo, free_dlginfo_cell) != 0) { LM_ERR("cannot register callback for interesting dialog types\n"); free_dlginfo_cell(dlginfo); return NULL; } ... return(dlginfo); }
Can the freeing of this structure simply be left up to the dialog module when the dialog is eventually destroyed?
All the best, Charles
Hello,
looks like you are right, feel free to commit the fix.
Cheers, Daniel
On 08/01/15 22:12, Charles Chance wrote:
Hello,
I am investigating a crash which is happening since:
commit 0c11f4f9c235bf791ac39446c293483462a99354 Author: Daniel-Constantin Mierla <miconda@gmail.com mailto:miconda@gmail.com> Date: Mon Dec 29 22:26:46 2014 +0100
pua_dialoginfo: load dialogs for dialoginfo event upon restart - based on a patch by Kristian Høgh, FS#360The problem appears to be that in this function of pua_dialoginfo.c...
static void __dialog_created(struct dlg_cell *dlg, int type, struct dlg_cb_params *_params) { struct sip_msg *request = _params->req; struct dlginfo_cell *dlginfo;
if (request->REQ_METHOD != METHOD_INVITE) return; if(send_publish_flag > -1 && !(request->flags &(1<<send_publish_flag))) return;
LM_DBG("new INVITE dialog created: from=%.*s\n",dlg->from_uri.len, dlg->from_uri.s);
dlginfo=get_dialog_data(dlg, type); if(dlginfo==NULL) return; dialog_publish_multi("Trying", dlginfo->pubruris_caller, &(dlg->from_uri),(include_req_uri)?&(dlg->req_uri):&(dlg->to_uri), &(dlg->callid), 1, dlginfo->lifetime, 0, 0, 0, 0, (send_publish_flag==-1)?1:0); free_dlginfo_cell(dlginfo);
}
...dlginfo is freed, but is still being referenced in the callback registered here...
struct dlginfo_cell* get_dialog_data(struct dlg_cell *dlg, int type) { ... /* register dialog callbacks which triggers sending PUBLISH */ if (dlg_api.register_dlgcb(dlg, DLGCB_FAILED| DLGCB_CONFIRMED_NA | DLGCB_TERMINATED | DLGCB_EXPIRED | DLGCB_REQ_WITHIN | DLGCB_EARLY, __dialog_sendpublish, dlginfo, free_dlginfo_cell) != 0) { LM_ERR("cannot register callback for interesting dialog types\n"); free_dlginfo_cell(dlginfo); return NULL; } ... return(dlginfo); }
Can the freeing of this structure simply be left up to the dialog module when the dialog is eventually destroyed?
All the best, Charles
www.sipcentric.com http://www.sipcentric.com/
Follow us on twitter @sipcentric http://twitter.com/sipcentric
Sipcentric Ltd. Company registered in England & Wales no. 7365592. Registered office: Faraday Wharf, Innovation Birmingham Campus, Holt Street, Birmingham Science Park, Birmingham B7 4BB.
sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
-
Charles Chance -
Daniel-Constantin Mierla