Ignore:
Timestamp:
Oct 22, 2013 10:16:28 AM (10 years ago)
Author:
ming
Message:

Fixed #1706: Race condition in SIP transaction

File:
1 edited

Legend:

Unmodified
Added
Removed

  • pjproject/trunk/pjsip/src/pjsip/sip_transaction.c

    r4567 r4630  
    649649          pj_hash_get_lower( mod_tsx_layer.htable, key->ptr,  
    650650                             (unsigned)key->slen, &hval ); 
     651     
     652    /* Prevent the transaction to get deleted before we have chance to lock it. 
     653     */ 
     654    if (tsx && lock) 
     655        pj_grp_lock_add_ref(tsx->grp_lock); 
     656     
    651657    pj_mutex_unlock(mod_tsx_layer.mutex); 
    652658 
     
    655661                hval, key->slen, key->ptr, tsx)); 
    656662 
    657     /* Race condition! 
    658      * Transaction may gets deleted before we have chance to lock it. 
    659      */ 
    660     PJ_TODO(FIX_RACE_CONDITION_HERE); 
     663    /* Simulate race condition! */ 
    661664    PJ_RACE_ME(5); 
    662665 
    663     if (tsx && lock) 
     666    if (tsx && lock) { 
    664667        pj_grp_lock_acquire(tsx->grp_lock); 
     668        pj_grp_lock_dec_ref(tsx->grp_lock); 
     669    } 
    665670 
    666671    return tsx; 
     
    799804    } 
    800805 
     806    /* Prevent the transaction to get deleted before we have chance to lock it 
     807     * in pjsip_tsx_recv_msg(). 
     808     */ 
     809    pj_grp_lock_add_ref(tsx->grp_lock); 
     810     
    801811    /* Unlock hash table. */ 
    802812    pj_mutex_unlock( mod_tsx_layer.mutex ); 
    803813 
    804     /* Race condition! 
    805      * Transaction may gets deleted before we have chance to lock it 
    806      * in pjsip_tsx_recv_msg(). 
    807      */ 
    808     PJ_TODO(FIX_RACE_CONDITION_HERE); 
     814    /* Simulate race condition! */ 
    809815    PJ_RACE_ME(5); 
    810816 
    811817    /* Pass the message to the transaction. */ 
    812818    pjsip_tsx_recv_msg(tsx, rdata ); 
     819     
     820    pj_grp_lock_dec_ref(tsx->grp_lock); 
    813821 
    814822    return PJ_TRUE; 
     
    850858    } 
    851859 
     860    /* Prevent the transaction to get deleted before we have chance to lock it 
     861     * in pjsip_tsx_recv_msg(). 
     862     */ 
     863    pj_grp_lock_add_ref(tsx->grp_lock); 
     864 
    852865    /* Unlock hash table. */ 
    853866    pj_mutex_unlock( mod_tsx_layer.mutex ); 
    854867 
    855     /* Race condition! 
    856      * Transaction may gets deleted before we have chance to lock it 
    857      * in pjsip_tsx_recv_msg(). 
    858      */ 
    859     PJ_TODO(FIX_RACE_CONDITION_HERE); 
     868    /* Simulate race condition! */ 
    860869    PJ_RACE_ME(5); 
    861870 
    862871    /* Pass the message to the transaction. */ 
    863872    pjsip_tsx_recv_msg(tsx, rdata ); 
     873     
     874    pj_grp_lock_dec_ref(tsx->grp_lock); 
    864875 
    865876    return PJ_TRUE; 
Note: See TracChangeset for help on using the changeset viewer.