Hey Benny!

I think I found the place where vptr seems to be getting corrupted!

First of all, I have to say that I am saving the dialog (dlg) in a singleton class (SIPEngine::instance->dlg->remote.contact->uri), and it is that remote.contact->uri whose vptr value is invalid.

Secondly, using Visual Studio I created a data breakpoint to check where dlg->remote.contact->uri was being changed, and it showed me that it gains an invalid value in print_util.h's init_hdr. Here is the complete stack trace:

> PCCommunicator.exe!init_hdr(void * hptr=0x0d8e9d88, pjsip_hdr_e htype=PJSIP_H_CONTACT, void * vptr=0x0131825c) Line 129 C
  PCCommunicator.exe!pjsip_contact_hdr_init(pj_pool_t * pool=0x0d8e8ff8, void * mem=0x0d8e9d88) Line 1107 + 0x10 bytes C
  PCCommunicator.exe!pjsip_contact_hdr_create(pj_pool_t * pool=0x0d8e8ff8) Line 1116 + 0xd bytes C
  PCCommunicator.exe!parse_hdr_contact(pjsip_parse_ctx * ctx=0x0dbbf20c) Line 1712 + 0xc bytes C
  PCCommunicator.exe!int_parse_msg(pjsip_parse_ctx * ctx=0x0dbbf20c, pjsip_parser_err_report * err_list=0x0d8e9964) Line 963 + 0xc bytes C
  PCCommunicator.exe!pjsip_parse_rdata(char * buf=0x0d8e90fc, unsigned int size=0x00000400, pjsip_rx_data * rdata=0x0d8e905c) Line 758 + 0x12 bytes C
  PCCommunicator.exe!pjsip_tpmgr_receive_packet(pjsip_tpmgr * mgr=0x0b50db68, pjsip_rx_data * rdata=0x0d8e905c) Line 1350 + 0x11 bytes C
  PCCommunicator.exe!udp_on_read_complete(pj_ioqueue_key_t * key=0x0b50b78c, pj_ioqueue_op_key_t * op_key=0x0d8e9068, long bytes_read=0x00000400) Line 165 + 0x16 bytes C
  PCCommunicator.exe!ioqueue_dispatch_read_event(pj_ioqueue_t * ioqueue=0x0b50b1d8, pj_ioqueue_key_t * h=0x0b50b78c) Line 550 + 0x16 bytes C
  PCCommunicator.exe!pj_ioqueue_poll(pj_ioqueue_t * ioqueue=0x0b50b1d8, const pj_time_val * timeout=0x0dbbfcac) Line 763 + 0x17 bytes C
  PCCommunicator.exe!pjsip_endpt_handle_events2(pjsip_endpoint * endpt=0x0b8bd05c, const pj_time_val * max_timeout=0x0dbbfe7c, unsigned int * p_count=0x00000000) Line 718 + 0x10 bytes C
  PCCommunicator.exe!pjsip_endpt_handle_events(pjsip_endpoint * endpt=0x0b8bd05c, const pj_time_val * max_timeout=0x0dbbfe7c) Line 745 + 0xf bytes C
  PCCommunicator.exe!EventHandler(void * __formal=0x00000000) Line 630 + 0x16 bytes C++
  PCCommunicator.exe!thread_main(void * param=0x0b48df94) Line 413 + 0x11 bytes C

Thirdly, I can see that SIPEngine::instance->dlg->remote.contact->uri points to 0x0d8e9d98. In init_hdr, we have these lines:

    hdr->name.ptr = pjsip_hdr_names[htype].name;
    hdr->name.slen = pjsip_hdr_names[htype].name_len;

I can see that pjsip_hdr_names[htype].name is "Contact", and so pjsip_hdr_names[htype].name_len is 7 (0x00000007). Surprisingly or not, in init_hdr, &hdr->name.slen is precisely *0x0d8e9d98*, so this is the instruction that "corrupts" SIPEngine::instance->dlg->remote.contact->uri. Tracing back the call to pjsip_contact_hdr_create, I can see that mem points to 0x0d8e9d98 (SIPEngine::instance->dlg->remote.contact->uri's location), which leads me to believe that there must be some kind of problem with PJSIP's memory allocation system. Am I wrong?

I attached the log, just in case it is needed.

Cheers
Pedro Gonçalves

Pedro Gonçalves wrote:
> Hi Benny
>
> As requested, I am starting a new thread related to vptr's invalid value
>
> Benny Prijono wrote:
>> On Mon, Aug 11, 2008 at 10:30 AM, Pedro Gonçalves
>> <pedro.pandre at gmail.com <mailto:pedro.pandre at gmail.com>> wrote:
>>
>>     I already added that code; however, now the application is crashing in
>>     another place (I guess it's just a matter of time until the assert fails
>>     again, and I will send you the log the next time the assert fails), in
>>     sip_uri.h's pjsip_uri_cmp(), because uri1's vptr has an invalid value
>>     (every time this fails, vptr's value is 0x00000007). If I trace back the
>>
>>
>> I guess that's because the URI value is NULL.
> URI? Which URI?
> Parameters uri1 and uri2 aren't null.
> It's just ((const pjsip_uri*)uri1)->vptr that has an invalid value
> (0x00000007), and when this exception happens, it always has that
> value (0x00000007).
> I've included the stack trace below.
> In the stack trace we can see that the received uri1 is, in fact,
> dlg->remote.contact->uri, in pjsip_dlg_on_rx_request().
> Any idea why the dialog's remote contact's uri's vptr has such an invalid
> value or where it can be changed?
>
>
> I've attached both the log and the capture I made when this exception
> happened.
>
>>
>>     stack to mod_ua_on_rx_request, I can see that uri1's vptr already has
>>     that invalid value. Any ideas that can help understanding this?
>>
>>     Here is the stack trace:
>>     > PCCommunicator.exe!pjsip_uri_cmp(pjsip_uri_context_e context=PJSIP_URI_IN_REQ_URI, const void * uri1=0x0c02fd98, const void * uri2=0x0c02fdd0) Line 275 + 0x13 bytes C
>>       PCCommunicator.exe!pjsip_dlg_on_rx_request(pjsip_dialog * dlg=0x0f89e85c, pjsip_rx_data * rdata=0x0c02f05c) Line 1545 + 0x2d bytes C
>>
>>
>> Looking at this stack trace, I couldn't correlate it to the current
>> code, so probably this issue has been fixed recently. It's probably
>> related to this ticket: http://trac.pjsip.org/repos/ticket/580
>>
>> So could you please update to the latest SVN?
> I updated to the latest SVN version, and the stack trace looks similar:
>
>     > PCCommunicator.exe!pjsip_uri_cmp(pjsip_uri_context_e context=PJSIP_URI_IN_REQ_URI, const void * uri1=0x0d9b9d98, const void * uri2=0x0d9b9dd0) Line 275 + 0x13 bytes C
>       PCCommunicator.exe!pjsip_dlg_on_rx_request(pjsip_dialog * dlg=0x0fb3c85c, pjsip_rx_data * rdata=0x0d9b905c) Line 1537 + 0x2d bytes C
>       PCCommunicator.exe!mod_ua_on_rx_request(pjsip_rx_data * rdata=0x0d9b905c) Line 682 + 0xd bytes C
>       PCCommunicator.exe!endpt_on_rx_msg(pjsip_endpoint * endpt=0x0b8bd05c, int status=0x00000000, pjsip_rx_data * rdata=0x0d9b905c) Line 902 + 0x11 bytes C
>       PCCommunicator.exe!pjsip_tpmgr_receive_packet(pjsip_tpmgr * mgr=0x0b50db68, pjsip_rx_data * rdata=0x0d9b905c) Line 1447 + 0x17 bytes C
>       PCCommunicator.exe!udp_on_read_complete(pj_ioqueue_key_t * key=0x0b50b78c, pj_ioqueue_op_key_t * op_key=0x0d9b9068, long bytes_read=0x00000400) Line 165 + 0x16 bytes C
>       PCCommunicator.exe!ioqueue_dispatch_read_event(pj_ioqueue_t * ioqueue=0x0b50b1d8, pj_ioqueue_key_t * h=0x0b50b78c) Line 550 + 0x16 bytes C
>       PCCommunicator.exe!pj_ioqueue_poll(pj_ioqueue_t * ioqueue=0x0b50b1d8, const pj_time_val * timeout=0x0dc8fcac) Line 763 + 0x17 bytes C
>       PCCommunicator.exe!pjsip_endpt_handle_events2(pjsip_endpoint * endpt=0x0b8bd05c, const pj_time_val * max_timeout=0x0dc8fe7c, unsigned int * p_count=0x00000000) Line 718 + 0x10 bytes C
>       PCCommunicator.exe!pjsip_endpt_handle_events(pjsip_endpoint * endpt=0x0b8bd05c, const pj_time_val * max_timeout=0x0dc8fe7c) Line 745 + 0xf bytes C
>       PCCommunicator.exe!EventHandler(void * __formal=0x00000000) Line 630 + 0x16 bytes C++
>       PCCommunicator.exe!thread_main(void * param=0x0b48df94) Line 413 + 0x11 bytes C
>
>
> Many thanks for all the help
> Pedro Gonçalves

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: vptr_invalid_value.log
Url: http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20080811/3c9b5719/attachment-0001.pl
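As an added illustration of the allocation hypothesis raised in the message above (this is not code from the thread or from PJSIP): a toy bump pool that is reset between packets, an application that keeps a raw pointer into it, and the reuse that makes the stale URI's vptr read as 7, next to the deep-copy fix; the pool, the struct layouts and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Toy stand-ins for pj_str_t, pjsip_uri and pjsip_contact_hdr; layouts assumed. */
typedef struct { const char *ptr; ptrdiff_t slen; } str_t;
typedef struct { const void *vptr; } uri_t;
typedef struct { void *prev, *next; int type; str_t name; uri_t *uri; } contact_hdr;

/* Toy bump-pointer pool with reset, modelling a per-packet rx pool. */
typedef struct { unsigned char buf[256]; size_t used; } toy_pool;
static void *pool_alloc(toy_pool *p, size_t n) {
    void *m = p->buf + p->used;
    p->used += (n + 7) & ~(size_t)7;
    return m;
}
static void pool_reset(toy_pool *p) { p->used = 0; }  /* old objects are gone */
static const int SIP_URI_VTABLE = 1;  /* stands in for the real vtable */

/* Packet 1: the parser builds a URI in the rx pool and the application keeps
 * a raw pointer to it, as dlg->remote.contact->uri did in the thread. */
static uri_t *parse_packet1(toy_pool *rx) {
    pool_alloc(rx, offsetof(contact_hdr, name.slen));  /* objects parsed earlier */
    uri_t *u = pool_alloc(rx, sizeof *u);
    u->vptr = &SIP_URI_VTABLE;
    return u;
}

/* Packet 2, same pool after reset: init_hdr writes name.slen = 7 ("Contact")
 * into the very bytes the stale URI pointer still refers to. */
static void parse_packet2(toy_pool *rx) {
    contact_hdr *hdr = pool_alloc(rx, sizeof *hdr);
    memset(hdr, 0, sizeof *hdr);
    hdr->name.ptr = "Contact";
    hdr->name.slen = 7;
}

/* Bug reproduced: the vptr read through the dangling pointer is now 7. */
uintptr_t dangling_vptr(void) {
    toy_pool rx = {{0}, 0};
    uri_t *stale = parse_packet1(&rx);
    pool_reset(&rx); parse_packet2(&rx);
    uintptr_t v; memcpy(&v, &stale->vptr, sizeof v);  /* deliberate stale read */
    return v;
}

/* Fix: deep-copy the URI into a pool that lives as long as the dialog. */
int cloned_vptr_intact(void) {
    toy_pool rx = {{0}, 0}, dlg_pool = {{0}, 0};
    uri_t *own = pool_alloc(&dlg_pool, sizeof *own);
    *own = *parse_packet1(&rx);  /* cf. pjsip_uri_clone() into dlg->pool */
    pool_reset(&rx); parse_packet2(&rx);
    return own->vptr == &SIP_URI_VTABLE;
}
```

A data breakpoint on the stored pointer's target, as used in the message, is the quickest way to catch the reuse in a real build; a pointer that survives the pool it was allocated from is the thing to look for.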