![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 15 years ago
Last modified 15 years ago
#974 closed defect
Crash if ICE session is destroyed by the application inside "on_ice_complete" with an PJ_ICE_STRANS_OP_NEGOTIATION op callback (thanks John Ridges for the report) — at Initial Version
| Reported by: | bennylp | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-1.5 |
| Component: | pjnath | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: |
Description
http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/2009-October/009063.html:
Bug #3: In PJNATH, destroying the ICE transport whilst inside
"on_ice_complete" with an PJ_ICE_STRANS_OP_NEGOTIATION op causes a crash. It
seems that the on_ice_complete callback is invoked in the "on_timer"
function in ice_session.c with the ice->mutex held, and deleting the
transport deletes the mutex, so when the callback returns the function
attempts to unlock the deleted mutex (and hilarity ensues). Perhaps the
mutex should be released before calling the callback.
Note: See
TracTickets for help on using
tickets.
