当前位置：首页 > news >正文

linux-core分析 : sip变量赋值-指针悬挂

news 来源：原创 2025/5/16 7:05:54

文章目录

- - core调用栈
  - core分析
  - 修改

core调用栈

Thread 1 (Thread 0x5c8c9460 (LWP 3562)):
#0  0x4182e8e8 in raise () from /lib/libc.so.6
#1  0x4183271c in abort () from /lib/libc.so.6
#2  0x4186573c in __libc_message () from /lib/libc.so.6
#3  0x4186ff04 in malloc_printerr () from /lib/libc.so.6
#4  0x0011f7d4 in sdp_connection_free ()
#5  0x0010503c in osip_list_special_free ()
#6  0x0011fc6c in sdp_media_free ()
#7  0x0010503c in osip_list_special_free ()
#8  0x00124d74 in sdp_message_free ()
#9  0x000e6634 in SipMessageTranslate (sip=0xaca7100, OutBoundAddress=0x5c8c8a3c "", OutBoundPort=0x5c8c8bb0, bEnableRouteNewMsg=1,
    pLocalSipUsedEthIp=0x5c8c8abc "", ulLocalSipUsedEthPort=0x5c8c8bac, workerid=1) at SipRouteManager.cpp:4973
#10 0x000d815c in SynwaySipEventCallback (pEvent=0x208d178, flag=5) at SipRouteManager.cpp:1143
#11 0x402f8838 in ProcessSipEventRoute (workerid=1) at SipLogical.cpp:2691
#12 0x402dad6c in SipEventHandleThreadFR (lpParam=0x41403a1c <thread_param+4>) at SipInterface.cpp:1619
#13 0x4003ee64 in start_thread () from /lib/libpthread.so.0
#14 0x418cd588 in ?? () from /lib/libc.so.6

core分析

sdp_message_free内存释放存在问题，分析代码中sdp消息修改的内容

sdp_connection_t* audio_con = static_cast<sdp_connection_t*>(osip_list_get(&med->c_connections, 0));
	if (audio_con != NULL)
	{
		if (audio_con->c_addr != NULL)
        {
            osip_free(audio_con->c_addr);
        }
		audio_con->c_addr = c_addr;
	}

原因：
直接让 audio_con->c_addr 指向 c_addr 所指向的内存，那么多个 sdp_connection_t 结构体可能会共享同一块内存。一旦原始的 c_addr 指向的内存被修改或者释放，所有指向该内存的 audio_con->c_addr 都会受到影响，导致指针悬挂

修改

使用 osip_strdup 进行复制，每个 sdp_connection_t 结构体中的 c_addr 都有自己独立的内存副本。这样，每个结构体中的地址信息可以独立修改和管理，不会相互影响

char* osip_strdup(const char *ch)
{
	char *copy = NULL;
	size_t length;
	
	if (ch == NULL)
		return NULL;
	
	length = strlen (ch);
	
	copy = (char*)osip_malloc(length + 1);
	
	osip_strncpy(copy, ch, length);
	
	return copy;
}

if (audio_con != NULL)
	{
		if (audio_con->c_addr != NULL)
        {
            osip_free(audio_con->c_addr);
			audio_con->c_addr = NULL;
        }
		char* new_addr = osip_strdup(c_addr);
        if (new_addr != NULL)
        {
            audio_con->c_addr = new_addr;
        }
	}