TimerQueue crash

[falvarezoliva]

Sometimes the service crash due to pointer exception in function TimerQueue::remove because entry->m_prev and entry->m_next are null pointers.

      else {
        assert( entry->m_prev ) ;
        assert( entry->m_next ) ;
        entry->m_prev->m_next = entry->m_next ;
        entry->m_next->m_prev = entry->m_prev ;
      }

I think that something is wrong in the function doTimer. In the following code when !expired, set both links prev and next of ptr to NULL
and after, makes this ptr = ptr->m_next so original ptr is orphan. This produce that when remove is invoked with this ptr, application crash

  if( !expired ) {
    expired = tailExpired = ptr ;
    ptr->m_prev = ptr->m_next = NULL ;
  }
  else {
    tailExpired->m_next = ptr ;
    ptr->m_prev = tailExpired ;
    tailExpired = ptr ;
  }
  ptr = ptr->m_next ;

[davehorton]

please provide a stack trace from such a crash

[falvarezoliva]

I will send you a trace but only tell me if this is a possible bug. The timer funcion executes doTimer but not drachtio::LockingTimerQueue::doTimer so is violating the mutex and also crash

void timer_function( void rm, su_timer_t * timer, void p ) {

drachtio::TimerQueue* queue = static_cast<drachtio::TimerQueue*>( p ) ;

queue->doTimer(timer);

}

[falvarezoliva]

Log of crash

drachtio.log

[davehorton]

stack trace?