Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#1535 closed defect (fixed)

Pending outgoing TCP transmission may cause crash if the library is shutdown

Reported by: bennylp Owned by: bennylp
Priority: normal Milestone: release-2.0.1
Component: pjsip Version: trunk
Keywords: Cc:
Backport to 1.x milestone: release-1.16 Backported: yes

Description (last modified by nanang)

When the library is shutdown, pending outgoing TCP transmission will be cancelled and callback will be called. Unfortunately, some library components such as transaction layer have already been destroyed and hence it will cause access to already freed memory location, or the transaction layer itself may have not been destroyed (if there is pending tsx), but the stateful util module had been unregistered and hence it will cause access to bad memory location.

Sample stack trace:

Thread 4 Crashed:

0   App                       0x00195294 mod_util_on_tsx_state (sip_util_statefull.c:77)
1   App                       0x001922ee tsx_set_state (sip_transaction.c:1145)
2   App                       0x001933a8 send_msg_callback (sip_transaction.c:1828)
3   App                       0x0018597a stateless_send_transport_cb (sip_util.c:1112)
4   App                       0x001880f4 transport_send_callback (sip_transport.c:625)
5   App                       0x0018c59e on_data_sent (sip_transport_tcp.c:1050)
6   App                       0x0018bc1c tcp_destroy (sip_transport_tcp.c:731)
7   App                       0x0018bb42 tcp_destroy_transport (sip_transport_tcp.c:689)
8   App                       0x00188934 destroy_transport (sip_transport.c:954)
9   App                       0x00188fe8 pjsip_tpmgr_destroy (sip_transport.c:1275)
10  App                       0x00183190 pjsip_endpt_destroy (sip_endpoint.c:587)
11  App                       0x001bec0c pjsua_destroy2 (pjsua_core.c:1503)
12  App                       0x001bef4a pjsua_destroy (pjsua_core.c:1582)
13  App                       0x000d893e -[CallManagerSingleton app_destroy] (CallManagerSingleton.m:961)
14  App                       0x000bbc34 -[SAppDelegate start_app] (SAppDelegate.m:1151)
15  Foundation                0x34ff0a7a -[NSThread main] + 66
16  Foundation                0x3508458a __NSThread__main__ + 1042
17  libsystem_c.dylib         0x3292472e _pthread_start + 314
18  libsystem_c.dylib         0x329245e8 thread_start + 0

Thanks Michael Fortson for the report.

Change History (6)

comment:1 Changed 12 years ago by bennylp

  • Backport to 1.x milestone set to release-1.16

comment:2 Changed 12 years ago by bennylp

  • Resolution set to fixed
  • Status changed from new to closed

In 4165:

Fixed #1535: Pending outgoing TCP transmission may cause crash if the library is shutdown

comment:3 Changed 12 years ago by nanang

In 4169:

Re #1535: Added check if module "mod-stateful-util" has been unregistered.

comment:4 Changed 12 years ago by nanang

  • Description modified (diff)

comment:5 Changed 12 years ago by nanang

In 4379:

Re #1535: backported to 1.x

comment:6 Changed 12 years ago by nanang

  • Backported set
Note: See TracTickets for help on using tickets.