< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index

RE: [reSIProcate] !Exception in DUM handling bogus ACK

From: Scott Godin <slgodin@xxxxxxxxxxxx>
Date: Mon, 11 Jul 2005 10:44:41 -0400

Hi Justin,

I just committed a fix for this.  The fix will not allow messages to be
dispatched to a Dialog/DialogSet during the delayed destruction process.

Thanks for the find!

Scott

-----Original Message-----
From: Justin Matthews [mailto:justin.matthews@xxxxxxx] 
Sent: Thursday, June 30, 2005 9:14 AM
To: resiprocate-devel@xxxxxxxxxxxxxxxxxxx
Subject: [reSIProcate] !Exception in DUM handling bogus ACK

Hello,

I believe that the following scenario is causing the DUM to raise a fatal
exception.  A log file is attached that also shows this scenario (may be
easier to decipher than my description).

To start this scenario a BYE is received for a Dialog and the proper 200OK
is sent to the UAC.  The processing then continues as follows:

[2588] [DialogUsageManager. 840] [Got: DestroyUsage INVITE:

(call destroy() which calls delete)

[2588] [InviteSession.  51] [^^^ InviteSession::~InviteSession

(At this point in ~InviteSession() mDialog.mInviteSession is set to 0)
(In ~DialogUsage()
    call mDialog.possiblyDie()
        call mDum.Destroy(this)
            post(DestroyUsage(dialog))

[ 944] [DEBUG] [Transport. 210] [incoming from:

(At this point there is a context switch to another thread)
(an ACK is received and sent to the TU)

[2588] [DialogUsageManager. 840] [Got: DestroyDialog
(switching back to the DUM thread, delete the dialog from the BYE)
(call destroy(), which calls delete)

[2588] [Dialog. 211] [Dialog::~Dialog() ]
(call mDialogSet->possiblyDie()
  call mDum->post(DestroyUsage(dialogset))

[2588] [DialogUsageManager.1222] [DialogUsageManager::processRequest:
(handle the ACK, NOTE! This is happening after the dialogset has been set to
die)

[2588] [DialogSet. 663] [findDialog:
[2588] [DialogSet. 598] [Creating a new Dialog from msg:

[2588] [Dialog. 347] [Drop stray ACK or CANCEL
(drop the ACK because mInviteSession in the dialog is NULL)

[2588] [DialogUsageManager. 840] [Got: DestroyDialogSet
(finally received the destroy dialog message from the original BYE)

(call destroyUsage->destroy(), delete mdialogSet)
(The destructor of mDialogSet will iterate through all remaining Dialog's
and delete them, !NOTE! there is now a new Dialog in the dialogSet from the
incoming ACK! Deleting this new dialog will then cause another
mDialogSet.possiblyDie() from the Dialog destructor.  This will then cause
another DestroyUsage message posted back to the DUM fifo:

 [2588] [INFO ] [DialogUsageManager. 840] [Got: DestroyDialogSet
`¾"-63439337-000e-Call7-f9346b6c]
 [2588] [INFO ] [DialogUsageManager            . 944] [Destroying usage]
 [ 944] [FATAL] [ExceptionFilter               .  46] 


The exception is occurring in the sipstack thread (944) and from my analysis
of the crash information this is most likely caused by corrupted memory.

I am testing a quick fix by adding a flag that the dialogset has been posted
for destruction and adding the following check:

DialogUsageManager.1259 (DUM::processRequest())
if (ds == 0 || true == ds->markedForDestruction_)
            {

Thanks,

Justin

Prev by Date: Re: [reSIProcate] Resiprocate 0.9.0 -- Released
Next by Date: Re: [reSIProcate] Resiprocate 0.9.0 -- Released
Previous by thread: RE: [reSIProcate] onConnected received and processed before 200OK sent
Next by thread: [reSIProcate] How to get TLS peer name?
Index(es):
- Date
- Thread