![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 10 years ago
Closed 10 years ago
#1815 closed defect (fixed)
Race condition of STUN transaction destruction (thanks to Itay for the report)
| Reported by: | ming | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.4 |
| Component: | pjnath | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: | no |
Description
Thread #1 (pjsua thread) tries to destroy tdata, setting the force to PJ_FALSE:
stun_session.c:
- stun_tsx_on_complete()
- destroy_tdata(tdata, force=PJ_FALSE)
which will schedule a timer stun_tsx_on_destroy() to destroy the
transaction
When the timer activates, thread #1 proceeds to destroy STUN transaction, while
thread #2 (media thread) tries to destroy the stun session, which will try to
stop all pending STUN transactions. This may result in crash:
#0 0x006baa9e in pj_stun_client_tsx_stop at pjnath/stun_transaction.c:150
#1 0x006b6dbe in pj_stun_session_destroy at pjnath/stun_session.c:591
#2 0x006aa18e in destroy_ice at pjnath/ice_session.c:498
#3 0x006aa2d6 in pj_ice_sess_destroy at pjnath/ice_session.c:518
#4 0x006af424 in pj_ice_strans_stop_ice at pjnath/ice_strans.c:1155
Change History (1)
comment:1 Changed 10 years ago by ming
- Resolution set to fixed
- Status changed from new to closed
In 4983: