From: Peter G. <jpg...@gm...> - 2008-06-25 16:29:09
|
On Wed, Jun 25, 2008 at 11:12 AM, Dennis Christopher <DCh...@pi...> wrote: > HI Peter, > I am working with 2.1beta3. > > Sorry I got two variables mixed together. The iax_get_event() code is using > an already freed ptr in the clause I mentioned thru the fh variable. > fh is assigned frame->data, which is the already freed ptr. the data member > in turn comes from cur->frame with cur coming > from iax_get_sched(). I noticed that when this happens that cur->event is > null. One thing to note is that the iax_sched object acts as a sort of union holding either an event, a frame, or a function. These are all schedulable objects. It is expected that only one of event, frame, or func will be non-null. That said, I think I may see the problem you are alluding to. What I see is that there are two ways that iax_frame objects are allocated. In iax_frame_new(), there is a single allocation for both the struct iax_frame and it's data; in iax_reliable_xmit() there are separate allocations for the struct iax_frame and the data. This leads to the problem where the frame->data is sometimes free()ed separately from the frame data itself. I suspect that this may be what is triggering whatever diagnostic you are looking at. Another issue that I see is that there are several places where iax_sched objects are free()ed without freeing the event and/or frame objects they point to. I see this in iax_sched_del(), iax_sched_vnak(), and destroy_session(). I will be taking a closer look at these issues. Do these issues seem like they might be related to the problem you are attempting to point out? What tools are you using to get the diagnostic about already freed pointers? Thanks, Pete |