<div dir="ltr"><div>Hello,</div>
<div><br></div>
<div>I am investigating a crash which has been happening since:</div>
<div><br></div>
<div>commit 0c11f4f9c235bf791ac39446c293483462a99354</div>
<div>Author: Daniel-Constantin Mierla &lt;<a href="mailto:miconda@gmail.com">miconda@gmail.com</a>&gt;</div>
<div>Date:   Mon Dec 29 22:26:46 2014 +0100</div>
<div><br></div>
<div>    pua_dialoginfo: load dialogs for dialoginfo event upon restart</div>
<div><br></div>
<div>    - based on a patch by Kristian Høgh, FS#360</div>
<div><br></div>
<div><br></div>
<div><br></div>
<div>The problem appears to be that in this function of pua_dialoginfo.c...</div>
<div><br></div>
<div><br></div>
<div>static void</div>
<div>__dialog_created(struct dlg_cell *dlg, int type, struct dlg_cb_params *_params)</div>
<div>{</div>
<div>        struct sip_msg *request = _params-&gt;req;</div>
<div>        struct dlginfo_cell *dlginfo;</div>
<div><br></div>
<div>        if (request-&gt;REQ_METHOD != METHOD_INVITE)</div>
<div>                return;</div>
<div><br></div>
<div>        if(send_publish_flag &gt; -1 &amp;&amp; !(request-&gt;flags &amp; (1&lt;&lt;send_publish_flag)))</div>
<div>                return;</div>
<div><br></div>
<div>        LM_DBG("new INVITE dialog created: from=%.*s\n", dlg-&gt;from_uri.len, dlg-&gt;from_uri.s);</div>
<div><br></div>
<div>        dlginfo=get_dialog_data(dlg, type);</div>
<div>        if(dlginfo==NULL)</div>
<div>                return;</div>
<div><br></div>
<div>        dialog_publish_multi("Trying", dlginfo-&gt;pubruris_caller,</div>
<div>                                &amp;(dlg-&gt;from_uri),</div>
<div>                                (include_req_uri)?&amp;(dlg-&gt;req_uri):&amp;(dlg-&gt;to_uri),</div>
<div>                                &amp;(dlg-&gt;callid), 1, dlginfo-&gt;lifetime,</div>
<div>                                0, 0, 0, 0, (send_publish_flag==-1)?1:0);</div>
<div>        free_dlginfo_cell(dlginfo);</div>
<div><br></div>
<div>}</div>
<div><br></div>
<div><br></div>
<div>...dlginfo is freed, but is still being referenced in the callback registered here...</div>
<div><br></div>
<div><br></div>
<div>struct dlginfo_cell* get_dialog_data(struct dlg_cell *dlg, int type)</div>
<div>{</div>
<div>...</div>
<div>        /* register dialog callbacks which triggers sending PUBLISH */</div>
<div>        if (dlg_api.register_dlgcb(dlg,</div>
<div>                                DLGCB_FAILED| DLGCB_CONFIRMED_NA | DLGCB_TERMINATED</div>
<div>                                | DLGCB_EXPIRED | DLGCB_REQ_WITHIN | DLGCB_EARLY,</div>
<div>                                __dialog_sendpublish, dlginfo, free_dlginfo_cell) != 0) {</div>
<div>                LM_ERR("cannot register callback for interesting dialog types\n");</div>
<div>                free_dlginfo_cell(dlginfo);</div>
<div>                return NULL;</div>
<div>        }</div>
<div>...</div>
<div>        return(dlginfo);</div>
<div>}</div>
<div><br></div>
<div><br></div>
<div><br></div>
<div>Can the freeing of this structure simply be left up to the dialog module when the dialog is eventually destroyed?</div>
<div><br></div>
<div>All the best,</div>
<div>Charles</div>
<div><br></div>
</div>

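<div>Added example, not part of the original message and not Kamailio code: a minimal C model of the ownership rule the message is asking about, where a callback is registered together with its parameter and a destructor. The names <code>struct dialog</code>, <code>register_cb</code>, <code>attach_info</code> and <code>run_lifecycle</code> are hypothetical, and the model assumes that a successful registration hands the parameter to the dialog until the dialog is destroyed.</div>

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for a dialog and its callback slot; not Kamailio's API. */
typedef void (*cb_fn)(void *param);
typedef void (*free_fn)(void *param);
struct dialog { cb_fn cb; void *param; free_fn param_free; };
struct info { int lifetime; };

static int frees = 0, seen = -1;   /* destructor runs; lifetime read by callback */
static void info_free(void *p) { frees++; free(p); }
static void on_event(void *p) { seen = ((struct info *)p)->lifetime; }

/* On success the dialog owns param and releases it with pf at destroy time. */
static int register_cb(struct dialog *d, cb_fn cb, void *param, free_fn pf) {
    if (d->cb != NULL) return -1;   /* constructed failure: slot already taken */
    d->cb = cb; d->param = param; d->param_free = pf;
    return 0;
}

static void dialog_destroy(struct dialog *d) {
    if (d->param_free != NULL && d->param != NULL) d->param_free(d->param);
    d->cb = NULL; d->param = NULL; d->param_free = NULL;
}

/* Same shape as get_dialog_data(): free here only when registration failed. */
static struct info *attach_info(struct dialog *d, int lifetime) {
    struct info *i = malloc(sizeof(*i));
    if (i == NULL) return NULL;
    i->lifetime = lifetime;
    if (register_cb(d, on_event, i, info_free) != 0) {
        info_free(i);               /* still ours: the dialog never took it */
        return NULL;
    }
    return i;                       /* borrowed: the caller must not free it */
}

/* Creation handler: use the borrowed pointer, leave the free to the dialog. */
static int run_lifecycle(int lifetime) {
    struct dialog d = {0};
    frees = 0; seen = -1;
    if (attach_info(&d, lifetime) == NULL) return -1;
    d.cb(d.param);                  /* later dialog event: param is still valid */
    dialog_destroy(&d);             /* the only release of the allocation */
    return frees;
}

int main(void) { int f = run_lifecycle(3600); printf("frees=%d seen=%d\n", f, seen); return 0; }
```

<div>Building with <code>-fsanitize=address</code> reports a heap-use-after-free in this model if a <code>free</code> is added between <code>attach_info()</code> and the later callback.</div>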