Hello,
Hoping to stir up a little debate:
I just spent some time in the osip/eXosip libraries and was struck that the
semantics of managing 'object' allocations is unclear. I got onto the
problem because of a crash which was caused by sitting in the debugger too
long.
Two issues popped up:
1) When 'objects' are freed, sometimes the pointer to them is not set to
NULL. This could cause issues if that pointer is later dereferenced.
For example around line 446 in wifo/lobosip2/src/osip2/ict_fsm.c:
<code>
osip_message_free (evt->sip);
// my code -->> evt->sip = NULL; <<-- shouldn't this be set to avoid the sip being used again?
</code>
The function eventually returns and evt is used later. Don't know if
erroneously, but the code is definitely not defensive.
2) Problem 2 relates more to who is responsible for freeing objects.
Here, around line 159 in the same file, the sip message is passed to the ict
structure.
<code>
/* Here we have ict->orig_request == NULL */
ict->orig_request = evt->sip; // <<== isn't this dangerous? Who will free?
i = osip->cb_send_message (ict, evt->sip, ict->ict_context->destination,
                           ict->ict_context->port, ict->out_socket);
</code>
Neither structure is freed in this function, so the question is: who is
responsible for freeing the sip 'object', 'evt' or 'ict', and will that
object be freed in the right order? In any case, the other object will have
a stale pointer hanging around if something goes wrong.
Hope this was clear to everyone.
-Lukas
Lukas Oberhuber
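The two issues raised above (free without clearing the pointer, and an unclear handoff of evt->sip to ict->orig_request) as one added example; this is not osip/eXosip code, and sip_message_t, evt_t, ict_t, ict_take_request and SAFE_FREE are hypothetical stand-ins for the real structures. It shows a free-and-NULL macro plus an explicit ownership transfer that leaves exactly one owner, so tearing down both structures in either order cannot double free or dereference a stale pointer.

```c
#include <assert.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for osip's message, event and transaction structs. */
typedef struct { char method[16]; } sip_message_t;
typedef struct { sip_message_t *sip; } evt_t;
typedef struct { sip_message_t *orig_request; } ict_t;

/* Free and clear in one step: a freed pointer can no longer be reused by mistake. */
#define SAFE_FREE(p) do { free(p); (p) = NULL; } while (0)

/* Ownership transfer: ict takes the message, evt gives it up.
 * Returns 0 on success, -1 if ict already holds a request (would leak)
 * or evt has nothing to hand over. */
static int ict_take_request(ict_t *ict, evt_t *evt)
{
    if (ict->orig_request != NULL || evt->sip == NULL)
        return -1;
    ict->orig_request = evt->sip;
    evt->sip = NULL;            /* evt no longer owns the message */
    return 0;
}

static void ict_free(ict_t *ict) { SAFE_FREE(ict->orig_request); }
static void evt_free(evt_t *evt) { SAFE_FREE(evt->sip); }   /* free(NULL) is a no-op */

/* Returns 1 when the handoff leaves a single owner and both teardowns are safe. */
int demo_ownership_handoff(void)
{
    sip_message_t *msg = calloc(1, sizeof *msg);   /* constructed sample message */
    if (msg == NULL) return 0;
    strcpy(msg->method, "INVITE");
    evt_t evt = { msg };
    ict_t ict = { NULL };

    if (ict_take_request(&ict, &evt) != 0) return 0;
    int handed_off = (evt.sip == NULL && ict.orig_request == msg);
    int second_take_refused = (ict_take_request(&ict, &evt) == -1);

    evt_free(&evt);   /* harmless: evt.sip is already NULL */
    ict_free(&ict);   /* the single owner frees exactly once */
    int cleared = (ict.orig_request == NULL && evt.sip == NULL);
    return handed_off && second_take_refused && cleared;
}
```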
_______________________________________________
Wengophone-devel mailing list
[email protected]
http://dev.openwengo.com/mailman/listinfo/wengophone-devel