Bugs item #1803686, was opened at 2007-09-27 18:55 Message generated for change (Comment added) made by ppessi You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=756076&aid=1803686&group_id=143636
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: Mikhail Zabaluev (mzabaluev) Assigned to: Nobody/Anonymous (nobody) Summary: nua_event doesn't detect NUA destruction inside the callback Initial Comment: Running telepathy-sofiasip under valgrind exposes problems with accessing message data that have just been freed: ==5065== Invalid read of size 4 ==5065== at 0x409FE39: su_msg_is_non_null (su_wait.h:532) ==5065== by 0x409FDE1: nua_event (nua.c:1035) ==5065== by 0x40F792E: su_base_port_execute_msgs (su_base_port.c:253) ==5065== by 0x40F76E5: su_base_port_getmsgs (su_base_port.c:179) ==5065== by 0x4026B7D: su_source_dispatch (su_source.c:425) ==5065== Address 0x45978E8 is 40 bytes inside a block of size 188 free'd ==5065== at 0x4021258: free (vg_replace_malloc.c:233) ==5065== by 0x40EFC6B: su_home_unref (su_alloc.c:671) ==5065== by 0x409BDD9: nua_destroy (nua.c:228) ==5065== by 0x80550D1: priv_r_shutdown (sip-connection-sofia.c:78) ==5065== by 0x8056834: sip_connection_sofia_callback (sip-connection-sofia.c:794) ==5065== by 0x409FD57: nua_event (nua.c:1020) ==5065== by 0x40F792E: su_base_port_execute_msgs (su_base_port.c:253) ==5065== by 0x40F76E5: su_base_port_getmsgs (su_base_port.c:179) ==5065== by 0x4026B7D: su_source_dispatch (su_source.c:425) ==5065== Invalid read of size 4 ==5065== at 0x40F55EF: su_msg_destroy (su_root.c:968) ==5065== by 0x409FE1C: nua_event (nua.c:1042) ==5065== by 0x40F792E: su_base_port_execute_msgs (su_base_port.c:253) ==5065== by 0x40F76E5: su_base_port_getmsgs (su_base_port.c:179) ==5065== by 0x4026B7D: su_source_dispatch (su_source.c:425) ==5065== Address 0x45978E8 is 40 bytes inside a block of size 188 free'd ==5065== at 0x4021258: free (vg_replace_malloc.c:233) ==5065== by 0x40EFC6B: su_home_unref (su_alloc.c:671) ==5065== by 0x409BDD9: nua_destroy (nua.c:228) ==5065== by 0x80550D1: priv_r_shutdown (sip-connection-sofia.c:78) ==5065== by 0x8056834: sip_connection_sofia_callback (sip-connection-sofia.c:794) ==5065== by 0x409FD57: nua_event (nua.c:1020) ==5065== by 0x40F792E: su_base_port_execute_msgs (su_base_port.c:253) ==5065== by 0x40F76E5: su_base_port_getmsgs (su_base_port.c:179) ==5065== by 0x4026B7D: su_source_dispatch (su_source.c:425) This corresponds to the following code in nua.c: nua->nua_callback(e->e_event, e->e_status, e->e_phrase, nua, nua->nua_magic, nh, nh ? nh->nh_magic : NULL, e->e_msg ? sip_object(e->e_msg) : NULL, e->e_tags); if (nh && !NH_IS_DEFAULT(nh) && nua_handle_unref(nh)) { #if HAVE_NUA_HANDLE_DEBUG SU_DEBUG_0(("nua(%p): freed by application\n", (void *)nh)); #else SU_DEBUG_9(("nua(%p): freed by application\n", (void *)nh)); #endif } if (!su_msg_is_non_null(nua->nua_current)) return; if (e->e_msg) msg_destroy(e->e_msg), e->e_msg = NULL; su_msg_destroy(nua->nua_current); I tried to nullify the nua pointer in the "freed by application" block, and then guard operations with nua->nua_current with null checks, but the condition to detect NUA destruction doesn't seem to work right. ---------------------------------------------------------------------- >Comment By: Pekka Pessi (ppessi) Date: 2007-10-08 17:57 Message: Logged In: YES user_id=52043 Originator: NO I pushed a different patch to darcs. ---------------------------------------------------------------------- Comment By: Mikhail Zabaluev (mzabaluev) Date: 2007-10-08 16:53 Message: Logged In: YES user_id=313104 Originator: YES File Added: sofia-sip-ref-nua-event.dpatch ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=756076&aid=1803686&group_id=143636 ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Sofia-sip-devel mailing list Sofia-sip-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sofia-sip-devel