![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 15 years ago
Closed 15 years ago
#1036 closed defect (fixed)
Stray timer may be registered by SIP TCP and TLS transport in destroy routine, which could crash the program on Symbian (thanks Tamàs Solymosi for the report)
| Reported by: | bennylp | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-1.6 |
| Component: | pjsip | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: |
Description
When TCP/TLS transport is being destroyed, they cancel all pending transmissions on the transport. This cancellation may in turn cause pjsip_transport_dec_ref() to be called, which may register an (stray) idle timer for the transport. Since the transport pool will be released right after that, the timer entry pointer will be invalid and it will crash the program if the timer heap is trying to access the entry.
This scenario could only happen during program shutdown sequence, as the (hard) destroy routine must not be called on normal situation (the graceful shutdown must be called instead), and this only matters in Symbian since only Symbian timer heap has stray timer cleanup routine, and only if ticket #1035 is not applied.
Change History (1)
comment:1 Changed 15 years ago by bennylp
- Resolution set to fixed
- Status changed from new to closed
Fixed in r3077