diff options
| author | Richard Mudgett <rmudgett@digium.com> | 2017-08-18 17:37:12 -0500 |
|---|---|---|
| committer | Richard Mudgett <rmudgett@digium.com> | 2017-08-22 11:59:49 -0500 |
| commit | f2c14f00b8ae4cd1fa809db705d4c368f1cfed1a (patch) | |
| tree | 1e81c11ce09e7626acbfc6a997f6a4d4aed38feb /res/res_pjsip_session.c | |
| parent | 17976d1b4e302b3aa7cc510109a78010d7893fe1 (diff) | |
res_pjsip_session.c: Fix crash when declining an active stream.
If a previously active stream is declined we could crash because the
channel's thread is still using the stream while we are updating the
topology in the serializer thread.
* Defer removing any declined stream's handler until we have blocked the
channel's thread with the channel lock.
ASTERISK-27212
Change-Id: I50e1d3ef26f8e41948f4c411ee329aa3b960a420
Diffstat (limited to 'res/res_pjsip_session.c')
| -rw-r--r-- | res/res_pjsip_session.c | 38 |
1 files changed, 32 insertions, 6 deletions
diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c index c4b0041a1..b6b8a21ac 100644 --- a/res/res_pjsip_session.c +++ b/res/res_pjsip_session.c @@ -784,12 +784,11 @@ static int handle_negotiated_sdp(struct ast_sip_session *session, const pjmedia_ * we remove it as a result of the stream limit being reached. */ if (ast_stream_get_state(stream) == AST_STREAM_STATE_REMOVED) { - /* This stream is no longer being used so release any resources the handler - * may have on it. + /* + * Defer removing the handler until we are ready to activate + * the new topology. The channel's thread may still be using + * the stream and we could crash before we are ready. */ - if (session_media->handler) { - session_media_set_handler(session_media, NULL); - } continue; } @@ -801,6 +800,32 @@ static int handle_negotiated_sdp(struct ast_sip_session *session, const pjmedia_ /* Apply the pending media state to the channel and make it active */ ast_channel_lock(session->channel); + /* Now update the stream handler for any declined/removed streams */ + for (i = 0; i < local->media_count; ++i) { + struct ast_sip_session_media *session_media; + struct ast_stream *stream; + + if (!remote->media[i]) { + continue; + } + + ast_assert(i < AST_VECTOR_SIZE(&session->pending_media_state->sessions)); + ast_assert(i < ast_stream_topology_get_count(session->pending_media_state->topology)); + + session_media = AST_VECTOR_GET(&session->pending_media_state->sessions, i); + stream = ast_stream_topology_get_stream(session->pending_media_state->topology, i); + + if (ast_stream_get_state(stream) == AST_STREAM_STATE_REMOVED + && session_media->handler) { + /* + * This stream is no longer being used and the channel's thread + * is held off because we have the channel lock so release any + * resources the handler may have on it. + */ + session_media_set_handler(session_media, NULL); + } + } + /* Update the topology on the channel to match the accepted one */ topology = ast_stream_topology_clone(session->pending_media_state->topology); if (topology) { @@ -814,8 +839,9 @@ static int handle_negotiated_sdp(struct ast_sip_session *session, const pjmedia_ /* Add all the file descriptors from the pending media state */ for (i = 0; i < AST_VECTOR_SIZE(&session->pending_media_state->read_callbacks); ++i) { - struct ast_sip_session_media_read_callback_state *callback_state = AST_VECTOR_GET_ADDR(&session->pending_media_state->read_callbacks, i); + struct ast_sip_session_media_read_callback_state *callback_state; + callback_state = AST_VECTOR_GET_ADDR(&session->pending_media_state->read_callbacks, i); ast_channel_internal_fd_set(session->channel, i + AST_EXTENDED_FDS, callback_state->fd); } |