![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 7 years ago
Closed 6 years ago
#2104 closed defect (fixed)
Prevent double free on Failed STUN resolution
| Reported by: | riza | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.8 |
| Component: | pjsua-lib | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: | no |
Description
Failed STUN resolution when starting the library might lead to a crash caused by double free.
Scenario:
- Set stun_ignore_failure to PJ_FALSE.
- Turn networking OFF (Linux nework connections menu)
- Start the application
- pjsua_core.c !.STUN resolution failed: gethostbyname() has returned error (PJ_ERESOLVE).
- pjsua_core.c .Error resolving STUN server: gethostbyname() has returned error (PJ_ERESOLVE) [status=70018]
- double free, crash
Internal flow:
- pjsua_init() -> resolve_stun_server() : fail -> schedule timer to call destroy_stun_resolve_cb()
- exit pjsua_init() -> destroy_stun_resolve() -> shedule new timer to destroy STUN session. The previous timer entry hasn't been processed by worker thread
- double free and crash in busy_sleep()
Thank you to Denis Poltorak for the report.
Change History (3)
comment:1 Changed 7 years ago by riza
comment:2 Changed 7 years ago by riza
In 5765:
comment:3 Changed 6 years ago by riza
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
In r5762:
Fixed #2104: Prevent double free on Failed STUN resolution.