![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 9 years ago
Closed 9 years ago
#1877 closed defect (fixed)
Race condition between stopping ICE and sending data in ICE stream transport
| Reported by: | ming | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.4.5 |
| Component: | pjnath | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: | no |
Description
Race condition between pj_ice_strans_stop_ice() and pj_ice_strans_sendto()
Example scenario:
45:31.546 28834 D PJSIP: 45:31.556 pjsua_media.c .....Call 1: updating media.. 45:31.546 28834 D PJSIP: 45:31.563 pjsua_media.c ......Call 1: stream #0 (audio) unchanged. 45:31.546 28834 D PJSIP: 45:31.563 icetp00 ......Stopping ICE, reason=Remote answer doesn't support ICE 45:31.546 28834 D PJSIP: 45:31.563 icetp00 ......Destroying ICE session 0x76595fd4
Called from transport_ice.c: transport_media_start() -> set_no_ice() -> pj_ice_strans_stop_ice()
Then there's a call to pj_ice_strans_sendto(), backtrace below:
45:31.996 1064 1064 I DEBUG : #00 pc 00329e6e /system/lib/PJSIP.so (pj_ice_sess_send_data+25) 45:31.996 1064 1064 I DEBUG : #01 pc 0032b371 /system/lib/PJSIP.so (pj_ice_strans_sendto+76) ... 45:31.996 1064 1064 I DEBUG : #06 pc 0033f33f /system/lib/PJSIP.so (ioqueue_dispatch_read_event+290) 45:31.996 1064 1064 I DEBUG : #07 pc 0033fd9f /system/lib/PJSIP.so (pj_ioqueue_poll+448)
pj_ice_strans_sendto() tries to access the already destroyed ice session, hence resulting in crash.
Change History (1)
comment:1 Changed 9 years ago by ming
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
In 5151: