#93 Memory leak in handling of incoming ACK request
Valgrind reports leaks in a simple UAS application written using Sofia-NUA library (1.12.7). One possible leak which has been noticed is in handling of incoming ACK request for 2xx response.
Prelim analysis suggests that the memory home for the incoming ACK request is not un-ref-ed (since it is not stored as separate irq object in any saved list)
Adding the following code block (delimited by PATCH_START comment in code snippet below) at the end of nua_event() function in nua.c fixes the leak. This may not be the proper fix.
/*# Receive event from protocol machine and hand it over to application */
void nua_event(nua_t *root_magic, su_msg_r sumsg, event_t *e)
{
nua_t *nua;
nua_handle_t *nh = e->e_nh;
enter;
e->e_nh = NULL;
if (nh) {
if (!nh->nh_ref_by_user && nh->nh_valid) {
nh->nh_ref_by_user = 1;
nua_handle_ref(nh);
}
}
if (!nh || !nh->nh_valid) { /* Handle has been destroyed */
if (nua_log->log_level >= 7) {
char const *name = nua_event_name(e->e_event) + 4;
SU_DEBUG_7(("nua(%p): event %s dropped\n", (void *)nh, name));
}
if (nh && !NH_IS_DEFAULT(nh) && nua_handle_unref(nh)) {
#if HAVE_NUA_HANDLE_DEBUG
SU_DEBUG_0(("nua(%p): freed by application\n", (void *)nh));
#else
SU_DEBUG_9(("nua(%p): freed by application\n", (void *)nh));
#endif
}
if (e->e_msg)
msg_destroy(e->e_msg), e->e_msg = NULL;
return;
}
nua = nh->nh_nua; assert(nua);
if (NH_IS_DEFAULT(nh))
nh = NULL;
if (e->e_event == nua_r_shutdown && e->e_status >= 200)
nua->nua_shutdown_final = 1;
if (nua->nua_callback) {
nua_event_frame_t frame[1];
su_msg_remove_refs(sumsg); /* Remove references to tasks */
su_msg_save(frame->nf_saved, sumsg);
frame->nf_nua = nua;
frame->nf_next = nua->nua_current, nua->nua_current = frame;
nua->nua_callback(e->e_event, e->e_status, e->e_phrase,
nua, nua->nua_magic,
nh, nh ? nh->nh_magic : NULL,
e->e_msg ? sip_object(e->e_msg) : NULL,
e->e_tags);
su_msg_destroy(frame->nf_saved);
if (frame->nf_nua == NULL)
return;
nua->nua_current = frame->nf_next;
}
/* __PATCH_START__ */
if (e && e->e_msg && e->e_event == nua_i_ack)
{
/*specific for ACK event*/
su_home_unref(msg_home(e->e_msg));
}
/* __PATCH_END__ */
if (nh && nua_handle_unref(nh)) {
#if HAVE_NUA_HANDLE_DEBUG
SU_DEBUG_0(("nua(%p): freed by application\n", (void *)nh));
#else
SU_DEBUG_9(("nua(%p): freed by application\n", (void *)nh));
#endif
}
}
Looks like this has been fixed already in 1.12.9.