Module: sip-router Branch: master Commit: 91e2af3efafd3f3143830399e159331648d96763 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=91e2af3… Author: pd <peter.dunkley(a)crocodile-rcs.com> Committer: pd <peter.dunkley(a)crocodile-rcs.com> Date: Wed Jan 25 14:54:37 2012 +0000 modules_k/pua: Fixes to memory leaks in PUA when using database only mode - Found and fixed by Paul Pankhurst @ Crocodile RCS --- modules_k/pua/send_publish.c | 14 ++++++-------- modules_k/pua/send_subscribe.c | 19 +++++++++++++------ 2 files changed, 19 insertions(+), 14 deletions(-) diff --git a/modules_k/pua/send_publish.c b/modules_k/pua/send_publish.c index 816ff1d..a43bae7 100644 --- a/modules_k/pua/send_publish.c +++ b/modules_k/pua/send_publish.c @@ -341,7 +341,7 @@ void publ_cback_func(struct cell *t, int type, struct tmcb_params *ps) } size= sizeof(ua_pres_t)+ sizeof(str)+ (hentity->pres_uri->len+ hentity->tuple_id.len + - hentity->id.len)* sizeof(char); + hentity->id.len + etag.len)* sizeof(char); if(hentity->extra_headers) size+= sizeof(str)+ hentity->extra_headers->len* sizeof(char); @@ -352,7 +352,6 @@ void publ_cback_func(struct cell *t, int type, struct tmcb_params *ps) goto error; } memset(presentity, 0, size); - memset(&presentity->etag, 0, sizeof(str)); size= sizeof(ua_pres_t); presentity->pres_uri= (str*)((char*)presentity+ size); @@ -392,14 +391,10 @@ void publ_cback_func(struct cell *t, int type, struct tmcb_params *ps) presentity->flag|= hentity->flag; presentity->event|= hentity->event; - presentity->etag.s= (char*)shm_malloc(etag.len* sizeof(char)); - if(presentity->etag.s== NULL) - { - LM_ERR("No more share memory\n"); - goto error; - } + presentity->etag.s= (char*)presentity+ size; memcpy(presentity->etag.s, etag.s, etag.len); presentity->etag.len= etag.len; + size+= presentity->etag.len; if (dbmode==PUA_DB_ONLY) { @@ -421,6 +416,9 @@ done: shm_free(*ps->param); *ps->param= NULL; } + if(dbmode==PUA_DB_ONLY && presentity) + shm_free(presentity); + free_results_puadb(res); return; diff --git a/modules_k/pua/send_subscribe.c b/modules_k/pua/send_subscribe.c index 4fb5529..eebb1a4 100644 --- a/modules_k/pua/send_subscribe.c +++ b/modules_k/pua/send_subscribe.c @@ -241,6 +241,7 @@ void subs_cback_func(struct cell *t, int cb_type, struct tmcb_params *ps) int initial_request = 0; db1_res_t *res=NULL; ua_pres_t dbpres; + int need_to_free=0; str pres_uri={0,0}, watcher_uri={0,0}, extra_headers={0,0}; memset(&dbpres, 0, sizeof(dbpres)); @@ -563,7 +564,7 @@ void subs_cback_func(struct cell *t, int cb_type, struct tmcb_params *ps) size= sizeof(ua_pres_t)+ 2*sizeof(str)+( pto->uri.len+ pfrom->uri.len+ pto->tag_value.len+ pfrom->tag_value.len +msg->callid->body.len+ record_route.len+ hentity->contact.len+ - hentity->id.len )*sizeof(char); + hentity->id.len + contact.len)*sizeof(char); if(hentity->extra_headers) size+= sizeof(str)+ hentity->extra_headers->len*sizeof(char); @@ -576,6 +577,11 @@ void subs_cback_func(struct cell *t, int cb_type, struct tmcb_params *ps) pkg_free(record_route.s); goto done; } + else + { + need_to_free=1; + } + memset(presentity, 0, size); size= sizeof(ua_pres_t); @@ -647,13 +653,10 @@ void subs_cback_func(struct cell *t, int cb_type, struct tmcb_params *ps) } /* write the remote contact filed */ - presentity->remote_contact.s= (char*)shm_malloc(contact.len* sizeof(char)); - if(presentity->remote_contact.s== NULL) - { - ERR_MEM(SHARE_MEM); - } + presentity->remote_contact.s= (char*)presentity+ size; memcpy(presentity->remote_contact.s, contact.s, contact.len); presentity->remote_contact.len= contact.len; + size+= presentity->remote_contact.len; presentity->event|= hentity->event; presentity->flag= hentity->flag; @@ -688,7 +691,10 @@ error: if (dbmode == PUA_DB_ONLY) { if (presentity!=NULL) + { delete_temporary_dialog_puadb(presentity); + if (need_to_free) shm_free(presentity); + } } else { @@ -1082,6 +1088,7 @@ insert: if (dbmode==PUA_DB_ONLY) { insert_puadb(presentity); + shm_free(presentity); } else {