core调用栈
Thread 1 (Thread 0x5c8c9460 (LWP 3562)):
#0 0x4182e8e8 in raise () from /lib/libc.so.6
#1 0x4183271c in abort () from /lib/libc.so.6
#2 0x4186573c in __libc_message () from /lib/libc.so.6
#3 0x4186ff04 in malloc_printerr () from /lib/libc.so.6
#4 0x0011f7d4 in sdp_connection_free ()
#5 0x0010503c in osip_list_special_free ()
#6 0x0011fc6c in sdp_media_free ()
#7 0x0010503c in osip_list_special_free ()
#8 0x00124d74 in sdp_message_free ()
#9 0x000e6634 in SipMessageTranslate (sip=0xaca7100, OutBoundAddress=0x5c8c8a3c "", OutBoundPort=0x5c8c8bb0, bEnableRouteNewMsg=1,
pLocalSipUsedEthIp=0x5c8c8abc "", ulLocalSipUsedEthPort=0x5c8c8bac, workerid=1) at SipRouteManager.cpp:4973
#10 0x000d815c in SynwaySipEventCallback (pEvent=0x208d178, flag=5) at SipRouteManager.cpp:1143
#11 0x402f8838 in ProcessSipEventRoute (workerid=1) at SipLogical.cpp:2691
#12 0x402dad6c in SipEventHandleThreadFR (lpParam=0x41403a1c <thread_param+4>) at SipInterface.cpp:1619
#13 0x4003ee64 in start_thread () from /lib/libpthread.so.0
#14 0x418cd588 in ?? () from /lib/libc.so.6
core分析
sdp_message_free内存释放存在问题,分析代码中sdp消息修改的内容
sdp_connection_t* audio_con = static_cast<sdp_connection_t*>(osip_list_get(&med->c_connections, 0));
if (audio_con != NULL)
{
if (audio_con->c_addr != NULL)
{
osip_free(audio_con->c_addr);
}
audio_con->c_addr = c_addr;
}
原因:
直接让 audio_con->c_addr 指向 c_addr 所指向的内存,那么多个 sdp_connection_t 结构体可能会共享同一块内存。一旦原始的 c_addr 指向的内存被修改或者释放,所有指向该内存的 audio_con->c_addr 都会受到影响,导致指针悬挂
修改
使用 osip_strdup 进行复制,每个 sdp_connection_t 结构体中的 c_addr 都有自己独立的内存副本。这样,每个结构体中的地址信息可以独立修改和管理,不会相互影响
char* osip_strdup(const char *ch)
{
char *copy = NULL;
size_t length;
if (ch == NULL)
return NULL;
length = strlen (ch);
copy = (char*)osip_malloc(length + 1);
osip_strncpy(copy, ch, length);
return copy;
}
if (audio_con != NULL)
{
if (audio_con->c_addr != NULL)
{
osip_free(audio_con->c_addr);
audio_con->c_addr = NULL;
}
char* new_addr = osip_strdup(c_addr);
if (new_addr != NULL)
{
audio_con->c_addr = new_addr;
}
}
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
