< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index

Re: [reSIProcate] Strange dum crash

From: Scott Godin <sgodin@xxxxxxxxxxxxxxx>
Date: Wed, 7 May 2014 08:55:46 -0400

If your application calls ServerSubscription::send and sends a NOTIFY with state Terminated or Dialog destroying response code from a thread other than the DUM thread, then delete this is called and ServerSubscriptions map in DialogUsageManager will be modified outside of the DUM thread by the ServerSubscription destructor.

Scott

On Wed, May 7, 2014 at 8:22 AM, palladin <p-aladin@xxxxxxxxx> wrote:

Dear resip devels,
resiprocate 1.9.2

I have met strange dum crash,
please consider next output:

#0 resip::BaseUsage::getBaseHandle (this=0x0) at BaseUsage.cxx:38
No locals.
#1 0x00007f7f1bb85e8d in resip::ServerSubscription::getHandle (this=0x0) at ServerSubscription.cxx:19
No locals.
#2 0x00007f7f1bb7ec81 in resip::ServerPublication::updateMatchingSubscriptions (this=0x7f7ef80e4440) at ServerPublication.cxx:65
i = {first = {static Preallocate = {<No data fields>}, static Empty = {static Preallocate = <same as static member of an already seen type>, static Empty = <sam
e as static member of an already seen type>, static npos = 4294967295, mBuf = "", mSize = 0, mCapacity = 16, mPreBuffer = '\000' <repeats 15 times>, mShareEnum = 0}, st
atic npos = 4294967295, mBuf = <Address 0x8 out of bounds>, mSize = 31238560, mCapacity = 0, mPreBuffer = "@\253\334\001", '\000' <repeats 11 times>, mShareEnum = 0},
second = }
key = {static Preallocate = {<No data fields>}, static Empty = {static Preallocate = <same as static member of an already seen type>, static Empty = <same as st
atic member of an already seen type>, static npos = 4294967295, mBuf = 0x7f7f1c057b30 "", mSize = 0, mCapacity = 16, mPreBuffer = '\000' <repeats 15 times>, mShareEnum
= 0}, static npos = 4294967295, mBuf = 0x7f7ef8196b80 "4417437702501252@x.x.x.x:5060", mSize = 44, mCapacity = 44, mPreBuffer = "\360\021\304\221\377\177
\000\000\235(\031\034\177\177\000", mShareEnum = 2}
subs = {first = <error reading variable>
handler = 0x7fff91c3f850
#3 0x00007f7f1bb7ef46 in resip::ServerPublication::accept (this=0x7f7ef80e4440, statusCode=<value optimized out>) at ServerPublication.cxx:78

Actually subs.first points to some garbage and it looks like std::multimap::equal_range returned corrupted iterator.
Could you please advise if there is any chance of asynchronous modification of any Dialog or asynchronous ServerSubscription creation/destruction?

Sincerely,tez
_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@resiprocate.org
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel

References:
- [reSIProcate] Strange dum crash
  - From: palladin

Prev by Date: [reSIProcate] Strange dum crash
Next by Date: [reSIProcate] GenericIPAddress and ipv6
Previous by thread: [reSIProcate] Strange dum crash
Next by thread: [reSIProcate] GenericIPAddress and ipv6
Index(es):
- Date
- Thread