[reSIProcate] NULL Pointer crash with resip 1.3.3 - [PATCH] for part of issue
Byron Campen
bcampen at estacado.net
Mon Jul 14 21:22:01 CDT 2008
You know, the last time you reported a crash, it was related to
AppDialogSet reuse. If I recall correctly, I wanted to get rid of it
at that time.
Everyone: Can we remove this entirely now? Pretty please? I really,
really like it when I can fix bugs by deleting code...
Best regards,
Byron Campen
> Here is a simple patch which I believe addresses part of the issue
> we are seeing.
>
>
>
> Index: resip/dum/ClientSubscription.cxx
>
> ===================================================================
>
> --- resip/dum/ClientSubscription.cxx (revision 8133)
>
> +++ resip/dum/ClientSubscription.cxx (working copy)
>
> @@ -78,10 +78,7 @@
>
> if (!mOnNewSubscriptionCalled && !getAppDialogSet()->isReUsed
> ())
>
> {
>
> InfoLog (<< "[ClientSubscription] " << mLastRequest-
> >header(h_To));
>
> - if (msg.exists(h_Contacts))
>
> - {
>
> - mDialog.mRemoteTarget = msg.header(h_Contacts).front();
>
> - }
>
> + mDialog.mRemoteTarget = msg.header(h_To);
>
>
>
> handler->onNewSubscription(getHandle(), msg);
>
> mOnNewSubscriptionCalled = true;
>
> --
>
>
>
> The original symptom of an empty From/To header was caused by the
> mRemoteTarget being set with the contact address which is almost
> always (IP:Port) or just (DNS name:port). The mRemoteTarget was
> then used to build the resubscribe if you requested it which
> resulted in the empty to/from username.
>
>
>
> I believe that all the if…else cases which tested mRemoteTarget for
> Uri / Host values aren’t needed if the above is fixed properly.
>
>
>
> There is still the issue that the getAppDialogSet() crashes since
> the pointer is NULL
>
>
>
> -Aron
>
>
>
>
>
>
>
> From: resiprocate-devel-bounces at resiprocate.org [mailto:resiprocate-
> devel-bounces at resiprocate.org] On Behalf Of Aron Rosenberg
> Sent: Monday, July 14, 2008 4:20 PM
> To: resiprocate-devel
> Subject: Re: [reSIProcate] NULL Pointer crash with resip 1.3.3
>
>
>
> I was finally able to get a working pcap, resip log and debug
> crash at the same time. Here is what is going on
>
>
>
> 1. Client makes subscription
>
> 2. Client ends the subscription by invoking end() on the handle
>
> 3. This end results in a local 408 error, which calls
> onRequestRetry
>
> 4. Our code returns 0 to onRequestRetry
> (ClientSubscriptionHandle) to retry the request since we want the
> server to know we ended the sub
>
> 5. "Application requested immediate retry on Retry-After" is
> printed to log
>
> 6. Crash happens in the else statement in
> ClientSubscription.cxx:198 when trying to call getAppDialogSet()-
> >reuse().
>
>
>
> I have a full log (over 100MB of resip data which I can send to a
> developer who wants to look at it along with the matching pcap
> error file
>
>
>
> -Aron
>
>
>
>
>
> From: resiprocate-devel-bounces at resiprocate.org [mailto:resiprocate-
> devel-bounces at resiprocate.org] On Behalf Of Aron Rosenberg
> Sent: Monday, July 14, 2008 2:17 PM
> To: resiprocate-devel
> Subject: Re: [reSIProcate] NULL Pointer crash with resip 1.3.3
>
>
>
> Here is a little bit more information gleaned from a pcap trace.
>
>
>
> The stack seems to be crashing when dealing with a 400 error where
> the “From:” header looks like this
>
>
>
> “From: <sip:>;tag=5b461e50”
>
>
>
> I was able to find the outbound SUBSCRIBE request and it also has
> an empty From address so something strange is going on in the
> stack. Still working on getting the resip logs.
>
>
>
> -Aron
>
>
>
> From: resiprocate-devel-bounces at resiprocate.org [mailto:resiprocate-
> devel-bounces at resiprocate.org] On Behalf Of Aron Rosenberg
> Sent: Monday, July 14, 2008 11:50 AM
> To: resiprocate-devel
> Subject: [reSIProcate] NULL Pointer crash with resip 1.3.3
>
>
>
> Resip ver: SVN rev 8128 on 1.3 branch
>
>
>
> Call Stack:
>
> resip::AppDialogSet::getHandle() Line 22 + 0x3 bytes C++
> resip::DialogUsage::getAppDialogSet() Line 38 + 0x18 bytes C++
> resip::ClientSubscription::processResponse(const resip::SipMessage
> & msg={...}) Line 198 + 0x12 bytes C++
> resip::ClientSubscription::dispatch(const resip::SipMessage & msg=
> {...}) Line 117 C++
> resip::Dialog::dispatch(const resip::SipMessage & msg={...}) Line
> 651 + 0x1a bytes C++
> resip::DialogSet::dispatchToAllDialogs(const resip::SipMessage &
> msg={...}) Line 1028 C++
> resip::DialogSet::dispatch(const resip::SipMessage & msg={...})
> Line 608 C++
> resip::DialogUsageManager::processResponse(const resip::SipMessage
> & response={...}) Line 1810 C++
> resip::DialogUsageManager::incomingProcess
> (std::auto_ptr<resip::Message> msg=auto_ptr {tu=??? }) Line 1363 C++
> resip::DialogUsageManager::internalProcess
> (std::auto_ptr<resip::Message> msg=auto_ptr {tu=??? }) Line 1190 C++
> resip::DialogUsageManager::process(resip::RWMutex *
> mutex=0x00000000) Line 1390 + 0x49 bytes C++
> SipEP::run() Line 3408 + 0xa bytes C++
>
>
>
> The crash is because the appDialogSet returned in
> DialogUsage::getAppDialogSet() is NULL.
>
>
>
> It came from our production client and is reasonable repeatable, so
> I am working on getting the resip logs that would go with it.
>
>
>
> -Aron
>
>
>
>
>
> ---------------------------------------------
>
> Aron Rosenberg
>
> Founder and CTO
>
> SightSpeed - http://www.sightspeed.com/
>
>
>
> 918 Parker St, Suite A14
>
> Berkeley, CA 94710
>
>
>
> Email: arosenberg at sightspeed.com
>
> Phone: 510-665-2920
>
> Cell: 510-847-7389
>
> Fax: 510-649-9569
>
> SightSpeed Video Link: http://aron.sightspeed.com
>
>
>
>
>
>
>
> _______________________________________________
> resiprocate-devel mailing list
> resiprocate-devel at resiprocate.org
> https://list.resiprocate.org/mailman/listinfo/resiprocate-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20080714/6e7dcac2/attachment.htm>
More information about the resiprocate-devel
mailing list