![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 15 years ago
Closed 15 years ago
#974 closed defect (fixed)
Crash if ICE session is destroyed by the application inside "on_ice_complete" with an PJ_ICE_STRANS_OP_NEGOTIATION op callback (thanks John Ridges for the report)
| Reported by: | bennylp | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-1.5 |
| Component: | pjnath | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: |
Description (last modified by bennylp)
http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/2009-October/009063.html:
In PJNATH, destroying the ICE transport whilst inside
"on_ice_complete" with an PJ_ICE_STRANS_OP_NEGOTIATION op causes a crash. It
seems that the on_ice_complete callback is invoked in the "on_timer"
function in ice_session.c with the ice->mutex held, and deleting the
transport deletes the mutex, so when the callback returns the function
attempts to unlock the deleted mutex (and hilarity ensues). Perhaps the
mutex should be released before calling the callback.
Change History (2)
comment:1 Changed 15 years ago by bennylp
- Description modified (diff)
comment:2 Changed 15 years ago by bennylp
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
Fixed in r2948