| Summary: | ASTERISK-08107: improper handling of sip_pvt references. | ||
| Reporter: | Luigi Rizzo (rizzo) | Labels: | |
| Date Opened: | 2006-11-10 10:20:00.000-0600 | Date Closed: | 2011-06-07 14:08:19 |
| Priority: | Minor | Regression? | No |
| Status: | Closed/Complete | Components: | Core/General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | i recently started aiming sipp at my asterisk to fire a large number of calls to it, and notice that even after i stop sipp, there is a large number of entries in "sip show channels" that do not go away. i have fixed a few (but not all) of them in team/rizzo/astobj2/, and essentially there are two kinds of problems at least: 1. references to 'struct sip pvt' ("dialogs" ?) are deleted without deleting the corresponding record from the dialoglist, and if the entry does not have some sort of timeout set, the monitor task do_monitor() will not destroy it; 2. the structure is deleted, but the pointer is left around, possibly causing memory corruption problems; Case 2 is trivial to fix - make sip_destroy() return NULL and replace calls to "sip_destroy(foo->call)" with "foo->call = sip_destroy(foo->call)". As a side effect, the potential memory corruption problems will be turned in instant death of the program because we are dereferencing a NULL pointer. Case 1 is not entirely trivial to fix because i am a bit unclear on whether multiple objects (apart from sip_pkt) can have a reference to the same dialog, in which case it is equally unclear who is in charge to delete it ultimately. If a "dialog" can only be referenced by a single non-sip_pkt object, then a reasonable fix would be to replace lines like "foo->call = NULL" with "foo->call = sip_destroy(foo->call)" ****** ADDITIONAL INFORMATION ****** the problems appear to exist both in trunk and 1.4. I am willing to handle case 2 if you authorize me (but don't ask to see a patch first, it's a trial and error process, and the code in team/rizzo/astobj2 basically has this already implemented). For case 1, i can do something for the 'easy' cases, but this is something that may take some time and we should not hope to have it fixed for 1.4.0 | ||
| Comments: | By: Olle Johansson (oej) 2006-11-10 13:03:20.000-0600 Please create a clean branch based on 1.4 and work on that without mixing with other patches and we'll hash it out. Thanks! By: Olle Johansson (oej) 2006-11-10 13:13:59.000-0600 Can you please add a SIP history of one of these channels that hang around? Thanks. By: Olle Johansson (oej) 2006-11-10 13:32:25.000-0600 i have been suspecting the ignore flag for a long time to cause these kind of issues. If we get repeated retransmits, no one knows what happens, really. By: Olle Johansson (oej) 2006-12-01 01:43:30.000-0600 A sip history please? I've been trying desperately to repeat this and I don't get any hanging channels. By: Olle Johansson (oej) 2006-12-05 13:04:53.000-0600 No answer from reporter. Please re-open when you have additional information. | ||