Hi,
I am running a stateful proxy using a modified version of the stateful
proxy sample from the tree - pj version 0.7.0.
I am receiving a malformed REGISTER packet whose CSeq header looks like
this:
CSeq: 38993 EGISTER.
This packet gets thru the parser with no problems (which in itself is
probably a bad thing) and is treated as a REGISTER request (the request
line is not malformed).
The code that handles requests in the proxy module I have this:
status = pjsip_tsx_create_uac(&mod_tu, tdata, &uac_tsx);
if (status != PJ_SUCCESS) {
pjsip_tx_data_dec_ref(tdata);
pjsip_endpt_respond_stateless(global.endpt, rdata,
PJSIP_SC_INTERNAL_SERVER_ERROR,
NULL, NULL, NULL);
return PJ_TRUE;
}
/* Create UAS transaction to handle incoming request */
status = pjsip_tsx_create_uas(&mod_tu, rdata, &uas_tsx);
if (status != PJ_SUCCESS) {
pjsip_tx_data_dec_ref(tdata);
pjsip_endpt_respond_stateless(global.endpt, rdata,
PJSIP_SC_INTERNAL_SERVER_ERROR,
NULL, NULL, NULL);
pjsip_tsx_terminate(uac_tsx, PJSIP_SC_INTERNAL_SERVER_ERROR);
return PJ_TRUE;
}
The call to pjsip_tsx_create_uas fails and a 500 error is sent back.
However the call to pjsip_tsx_terminate causes a crash. More
specifically tsx_set_state which in turn has this code:
if (tsx->tsx_user && tsx->tsx_user->on_tsx_state) {
pjsip_event e;
PJSIP_EVENT_INIT_TSX_STATE(e, tsx, event_src_type, event_src,
prev_state);
(*tsx->tsx_user->on_tsx_state)(tsx, &e);
}
It's the line (*tsx->tsx_user->on_tsx_state)(tsx, &e) that is causing
the crash.
Whats going on?
Thanks,
Brocha
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20080722/e6c96c15/attachment.html
