Changeset 5991


Ignore:
Timestamp:
May 15, 2019 2:54:52 AM (5 years ago)
Author:
nanang
Message:

Re #2191: Fixed crash in SIP transport destroy due to bug introduced by r5971, i.e: group lock is set after registering tp to tpmgr, so tpmgr won't call pj_grp_lock_add_ref(), but in unregisteration, group lock is set, so tpmgr will call pj_grp_lock_dec_ref().

Location:
pjproject/trunk/pjsip/src/pjsip
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c

    r5984 r5991  
    163163                              const pj_sockaddr *remote, 
    164164                              const pj_str_t *remote_name, 
     165                              pj_grp_lock_t *glock, 
    165166                              struct tls_transport **p_tls); 
    166167 
     
    787788                               const pj_sockaddr *remote, 
    788789                               const pj_str_t *remote_name, 
     790                               pj_grp_lock_t *glock, 
    789791                               struct tls_transport **p_tls) 
    790792{ 
     
    870872 
    871873    tls->ssock = ssock; 
     874 
     875    /* Set up the group lock */ 
     876    tls->grp_lock = tls->base.grp_lock = glock; 
     877    pj_grp_lock_add_ref(tls->grp_lock); 
     878    pj_grp_lock_add_handler(tls->grp_lock, pool, tls, &tls_on_destroy); 
    872879 
    873880    /* Register transport to transport manager */ 
     
    12271234    /* Create the transport descriptor */ 
    12281235    status = tls_create(listener, pool, ssock, PJ_FALSE, &local_addr,  
    1229                         rem_addr, &remote_name, &tls); 
    1230     if (status != PJ_SUCCESS) { 
    1231         pj_grp_lock_destroy(glock); 
     1236                        rem_addr, &remote_name, glock, &tls); 
     1237    if (status != PJ_SUCCESS) 
    12321238        return status; 
    1233     } 
    12341239 
    12351240    /* Set the "pending" SSL socket user data */ 
    12361241    pj_ssl_sock_set_user_data(tls->ssock, tls); 
    1237  
    1238     /* Set up the group lock */ 
    1239     tls->grp_lock = tls->base.grp_lock = glock; 
    1240     pj_grp_lock_add_ref(tls->grp_lock); 
    1241     pj_grp_lock_add_handler(tls->grp_lock, pool, tls, &tls_on_destroy); 
    12421242 
    12431243    /* Start asynchronous connect() operation */ 
     
    13941394     */ 
    13951395    status = tls_create( listener, NULL, new_ssock, PJ_TRUE, 
    1396                          &ssl_info.local_addr, &tmp_src_addr, NULL, &tls); 
     1396                         &ssl_info.local_addr, &tmp_src_addr, NULL, 
     1397                         ssl_info.grp_lock, &tls); 
    13971398     
    13981399    if (status != PJ_SUCCESS) { 
     
    14101411    /* Set the "pending" SSL socket user data */ 
    14111412    pj_ssl_sock_set_user_data(new_ssock, tls); 
    1412  
    1413     /* Set up the group lock */ 
    1414     if (ssl_info.grp_lock) { 
    1415         tls->grp_lock = ssl_info.grp_lock; 
    1416         pj_grp_lock_add_ref(tls->grp_lock); 
    1417         pj_grp_lock_add_handler(tls->grp_lock, tls->base.pool, tls, 
    1418                                 &tls_on_destroy); 
    1419     } 
    14201413 
    14211414    /* Prevent immediate transport destroy as application may access it  

  • pjproject/trunk/pjsip/src/pjsip/sip_transport_udp.c

    r5984 r5991  
    471471    } 
    472472 
     473    /* When creating this transport, reference count was incremented to flag 
     474     * this transport as permanent so it will not be destroyed by transport 
     475     * manager whenever idle. Application may or may not have cleared the 
     476     * flag (by calling pjsip_transport_dec_ref()), so in case it has not, 
     477     * let's do it now, so this transport can be destroyed. 
     478     */ 
     479    if (pj_atomic_get(tp->base.ref_cnt) > 0) 
     480        pjsip_transport_dec_ref(&tp->base); 
     481 
     482    /* Destroy transport */ 
    473483    if (tp->grp_lock) { 
    474484        pj_grp_lock_t *grp_lock = tp->grp_lock; 
     
    845855    tp->base.destroy = &udp_destroy; 
    846856 
    847     /* This is a permanent transport, so we initialize the ref count 
    848      * to one so that transport manager don't destroy this transport 
    849      * when there's no user! 
    850      */ 
    851     pj_atomic_inc(tp->base.ref_cnt); 
    852  
    853857    /* Register to transport manager. */ 
    854858    tp->base.tpmgr = pjsip_endpt_get_tpmgr(endpt); 
     
    857861        goto on_error; 
    858862 
     863    /* This is a permanent transport, so we initialize the ref count 
     864     * to one so that transport manager won't destroy this transport 
     865     * when there's no user! 
     866     */ 
     867    pjsip_transport_add_ref(&tp->base); 
    859868 
    860869    /* Create rdata and put it in the array. */ 
Note: See TracChangeset for help on using the changeset viewer.