On Tue, Aug 12, 2008 at 2:26 PM, Pedro Gon?alves <pedro.pandre at gmail.com>wrote: > > > > Actually the stack trace is wrong. The dlg->remote.contact->uri is > > never initialized like the stack trace shows, since it should have > > come from pjsip_contact_hdr_clone() instead. So you're watching the > > wrong variable. > > > > -benny > Sorry, maybe I didn't make myself clear. > I'm not saying that dlg->remote.contact->uri is initialized this way. > I am saying that dlg->remote.contact->uri gets corrupted by the > mentioned stack trace. > I see. > I can reproduce this behaviour all the time. > > That's the problem, since I can't reproduce it here. Can you reproduce it with pjsua or simpleua? > It seems to me that the problem starts in pjsip_contact_hdr_create(), > where a pj_pool_alloc() is made. > This is the one called by the parser, right? > I set a breakpoint there, and I can see that this instruction: > void *mem = pj_pool_alloc(pool, sizeof(pjsip_contact_hdr)); > makes mem point to 0x0d9a9d88. > The problem is that SIPEngine::instance->dlg->remote.contact->uri points > to 0x0d9a9d98. > > This way, mem will be overlapped with > SIPEngine::instance->dlg->remote.contact->uri, thus corrupting it when > writing to its location (which happens in init_hdr). > I see. > > Any idea why this happens? > The only possibility that I can think of is if you set dlg->remote.contact->uri yourself. > > Why does pj_pool_alloc return a pointer to an occupied zone? > It can't. A more plausible explanation is that dlg->remote.contact->uri is a stale pointer, or it was allocated using rdata->tp_info.pool rather than dlg->pool. I checked the code in sip_dialog.c and nothing does this. > Do you think that for some reason the pool where > SIPEngine::instance->dlg->remote.contact->uri is (is it > SIPEngine::instance->dlg->pool?) was released?! > > I don't think so. If dlg->pool has been released then all the pointers in the dialog will become stale and the program would crash before that. Does the application ever touched dlg->remote.contact or dlg->remote.contact->uri at all? -benny -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20080812/4c89f9ab/attachment.html
