Ticket #2117 (closed defect: fixed)

Opened 6 months ago

Last modified 6 months ago

Crash when deleting PJSUA2 Account

Reported by: nanang Owned by: bennylp
Priority: normal Milestone: release-2.8
Component: pjsua2 Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no

Description

Scenario:

  1. Thread 1 deletes SipAccount instance, which derived from PJSUA2 Account. In SipAccount destructor, some SipAccount member objects have been destroyed.
  2. Thread 2 invokes Account callback onRegState() (e.g: from registration refresh), it tries to access SipAccount member objects, as some of them have been destroyed, crash occurs.

Some related facts:

  1. Account destructor and onRegState() callback are mutual exclusive, because in PJSUA level, they are protected with PJSUA lock. But SipAccount destructor and onRegState() callback are not mutual exclusive.
  2. Once pjsua_acc_del() in Account destructor is executed, onRegState() should never be invoked (for unregistration completion). Unfortunately, in derived class destruction, parent/Account destructor is called last.

The proposed solution is to introduce new Account method, i.e: Account::shutdown(), that internally will invoke PJSUA pjsua_acc_del(), so derived class could call this method first in its destructor to avoid invocation of onRegState() when it is being destroyed. Or alternatively, application can manually call Account::shutdown() before deleting the derived class instance.

Thanks Thomas Hackl for the report.

Change History

comment:1 Changed 6 months ago by nanang

  • Status changed from new to closed
  • Resolution set to fixed

In 5801:

Fix #2117: Add PJSUA2 API Account::shutdown() to avoid race condition between Account derived class destructor and onRegState callback.

Note: See TracTickets for help on using tickets.