Timestamp:
Sep 17, 2015 6:11:01 AM (4 years ago)
Author:
ming
Message:

Fixed #1886: Destruction of locked mutex in SIP dialog

File:
1 edited

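--- a/pjproject/trunk/pjsip/src/pjsip/sip_dialog.c
+++ b/pjproject/trunk/pjsip/src/pjsip/sip_dialog.c
@@ -109,7 +109,8 @@
 }
 
-static void destroy_dialog( pjsip_dialog *dlg )
+static void destroy_dialog( pjsip_dialog *dlg, pj_bool_t unlock_mutex )
 {
     if (dlg->mutex_) {
+        if (unlock_mutex) pj_mutex_unlock(dlg->mutex_);
         pj_mutex_destroy(dlg->mutex_);
         dlg->mutex_ = NULL;
@@ -303,5 +304,5 @@
 
 on_error:
-    destroy_dialog(dlg);
+    destroy_dialog(dlg, PJ_FALSE);
     return status;
 }
@@ -552,5 +553,5 @@
     }
 
-    destroy_dialog(dlg);
+    destroy_dialog(dlg, PJ_FALSE);
     return status;
 }
@@ -726,5 +727,5 @@
 
 on_error:
-    destroy_dialog(dlg);
+    destroy_dialog(dlg, PJ_FALSE);
     return status;
 }
@@ -734,5 +735,6 @@
  * Destroy dialog.
  */
-static pj_status_t unregister_and_destroy_dialog( pjsip_dialog *dlg )
+static pj_status_t unregister_and_destroy_dialog( pjsip_dialog *dlg,
+                                                  pj_bool_t unlock_mutex )
 {
     pj_status_t status;
@@ -758,5 +760,5 @@
 
     /* Destroy this dialog. */
-    destroy_dialog(dlg);
+    destroy_dialog(dlg, unlock_mutex);
 
     return PJ_SUCCESS;
@@ -775,5 +777,5 @@
     PJ_ASSERT_RETURN(dlg->tsx_count==0, PJ_EINVALIDOP);
 
-    return unregister_and_destroy_dialog(dlg);
+    return unregister_and_destroy_dialog(dlg, PJ_FALSE);
 }
 
@@ -894,5 +896,9 @@
         pj_mutex_unlock(dlg->mutex_);
         pj_mutex_lock(dlg->mutex_);
-        unregister_and_destroy_dialog(dlg);
+        /* We are holding the dialog mutex here, so before we destroy
+         * the dialog, make sure that we unlock it first to avoid
+         * undefined behaviour on some platforms. See ticket #1886.
+         */
+        unregister_and_destroy_dialog(dlg, PJ_TRUE);
     } else {
         pj_mutex_unlock(dlg->mutex_);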
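Review bot: In destroy_dialog the added `if (unlock_mutex) pj_mutex_unlock(dlg->mutex_);` releases the lock immediately before `pj_mutex_destroy(dlg->mutex_);`, which leaves a short window in which a thread already blocked on the dialog mutex could acquire it and then be left working on a destroyed mutex and a dialog that is being torn down. Whether such a waiter can exist is not visible here, because most of unregister_and_destroy_dialog and the function around the last hunk lie outside the shown lines, so it is worth confirming that the dialog is unreachable from every lookup path before this point. A single unlock also only releases the mutex if the caller holds it exactly once, which matters if dlg->mutex_ is recursive. I would state that precondition on the function, e.g. `/* unlock_mutex: PJ_TRUE only when the caller holds dlg->mutex_ exactly once and no other thread can still reach the dialog. */`. The result of pj_mutex_unlock is also discarded; asserting that it returns `PJ_SUCCESS` would surface a failed unlock instead of silently destroying a mutex that is still locked.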