![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 10 years ago
Closed 10 years ago
#1852 closed defect (fixed)
Assertion due to premature destroy of dialog when media channel init fails during incoming call
| Reported by: | ming | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.4.5 |
| Component: | pjsua-lib | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: | no |
Description
Scenario (thanks to Fredrik Hansson for the report):
- In pjsua_call_on_incoming() function, after pjsua_media_channel_init() call returns PJ_SUCCESS, on_incoming_call_med_tp_complete() is called.
- on_incoming_call_med_tp_complete() returns !PJ_SUCCESS
- pjsip_dlg_respond() is entered.
- The response is created without problem and the pjsip_dlg_send_response() is called.
- We end up on the call to pjsip_dlg_dec_lock_().
- In the pjsip_dlg_dec_lock() function the session_count == 0 and tsx_count == 0 and we call the unregister_and_destroy_dialog() function.
- Then the destroy_dialog() is called which destroys the dlg->mutex_ if it exists.
- After the mutex is destroyed we returns all the way back from the pjsip_dlg_respond() call.
- After returning from pjsip_dlg_respond() the pjsip_inv_terminate() function is called.
- In the pjsip_inv_terminate() function the dialog is locked which will lead to an assert since the mutex is already destroyed
Change History (2)
comment:1 Changed 10 years ago by ming
- Component changed from applications to pjsua-lib
comment:2 Changed 10 years ago by ming
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
In 5096: