Bugs item #1423415, was opened at 2006-02-03 16:45
Message generated for change (Settings changed) made by kaiv
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=756076&aid=1423415&group_id=143636
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: Kai Vehmanen (kaiv)
Assigned to: Nobody/Anonymous (nobody)
Summary: double-free in soa_destroy() upon incoming BYE
Initial Comment:
Program is sometimes terminated to SIGABRT when
receiving BYE:
--cut--
#0 0xb79f77a7 in raise () from /lib/tls/libc.so.6
#1 0xb79f904b in abort () from /lib/tls/libc.so.6
#2 0xb7a2e005 in __fsetlocking () from /lib/tls/libc.so.6
#3 0xb7a34657 in malloc_usable_size () from
/lib/tls/libc.so.6
#4 0xb7a34af2 in free () from /lib/tls/libc.so.6
#5 0xb7f425b8 in _su_home_deinit (home=0x8123cb0) at
su_alloc.c:863
#6 0xb7f425aa in _su_home_deinit (home=0x80bb7e0) at
su_alloc.c:859
#7 0xb7f42c81 in su_home_unref (home=0x80bb7e0) at
su_alloc.c:588
#8 0xb7f32ec8 in soa_destroy (ss=0x80bb7e0) at soa.c:355
#9 0xb7f14c48 in nsession_destroy (nh=0x80bb470) at
nua_stack.c:4996
#10 0xb7f14da5 in process_bye (nua=0x808de18,
nh=0x80bb470, irq=0x81132e0,
sip=0x8117cdc) at nua_stack.c:5458
#11 0xb7f190ca in process_request (nh=0x80bb470,
leg=0x80bc1d0, irq=0x81132e0,
sip=0x8117cdc) at nua_stack.c:7044
#12 0xb7efb4ba in leg_recv (leg=0x80bc1d0, msg=0x8117c40,
sip=<value optimized out>, tport=0x8089938) at
nta.c:4196
#13 0xb7efc429 in agent_recv_request (agent=0x808b970,
msg=0x8117c40,
sip=0x8117cdc, tport=0x8089938) at nta.c:2091
#14 0xb7efd166 in agent_recv_message (agent=0x808b970,
tport=0x8089938,
msg=0x8117c40, tport_via=0x8089718, now=
{tv_sec = 3347977216, tv_usec = 151690}) at
nta.c:1895
#15 0xb7f5c29f in tport_deliver (self=0x8089938,
msg=0x8117c40, next=0x0,
pointer_to_udvm=0x0, now={tv_sec = 3347977216,
tv_usec = 151690})
#16 0xb7f5d41e in tport_parse (self=0x8089938,
complete=1, now=
{tv_sec = 3347977216, tv_usec = 151690}) at
tport.c:3075
#17 0xb7f5f086 in tport_recv_event (self=0x8089938,
event=<value optimized out>) at tport.c:3019
#18 0xb7f5fe49 in tport_recv (magic=0x808de18,
w=0x808c788, self=0x8089938)
at tport.c:2900
#19 0xb7f409c6 in su_source_dispatch (gs=0x808d298,
callback=0, user_data=0x0)
at su_source.c:394
#20 0xb7b6d371 in g_main_context_dispatch () from
/usr/lib/libglib-2.0.so.0
#21 0xb7b705d7 in g_main_context_check () from
/usr/lib/libglib-2.0.so.0
#22 0xb7b70b28 in g_main_loop_run () from
/usr/lib/libglib-2.0.so.0
#23 0x0804dceb in main (ac=1, av=<value optimized out>)
at sofsip_cli.c:148
--cut--
And more details:
--cut--
#5 0xb7f425b8 in _su_home_deinit (home=0x8123cb0) at
su_alloc.c:863
863 free(b->sub_nodes[i].sua_data);
#6 0xb7f425aa in _su_home_deinit (home=0x80bb7e0) at
su_alloc.c:859
859 _su_home_deinit(subhome);
#7 0xb7f42c81 in su_home_unref (home=0x80bb7e0) at
su_alloc.c:588
588 _su_home_deinit(home);
#8 0xb7f32ec8 in soa_destroy (ss=0x80bb7e0) at soa.c:355
355 su_home_unref(ss->ss_home);
--cut--
----------------------------------------------------------------------
>Comment By: Kai Vehmanen (kaiv)
Date: 2006-02-06 17:56
Message:
Logged In: YES
user_id=25486
Pekka's CVS commit from yesterday seems to have solved the
issue. At least I couldn't reproduce it anymore after cvs
update.
----------------------------------------------------------------------
Comment By: Pekka Pessi (ppessi)
Date: 2006-02-03 18:01
Message:
Logged In: YES
user_id=52043
Weird. The bug happens when deinitializing a cloned home.
Only place I found that soa invokes su_home_clone() is thru
sdp_parse(). There was some very old home-handling code
there, but nothing that could cause double free.
With gst there is no chance to use valgrind, right?
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=756076&aid=1423415&group_id=143636
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Sofia-sip-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/sofia-sip-devel
