diff options
author | Benny Prijono <bennylp@teluu.com> | 2008-04-02 18:36:35 +0000 |
---|---|---|
committer | Benny Prijono <bennylp@teluu.com> | 2008-04-02 18:36:35 +0000 |
commit | d5dde7220f5a2c773087f4dcd85119dfde2af79e (patch) | |
tree | d0b6ed920937a0feaf018db84e07f739ccad9c58 /pjlib | |
parent | ac825cc6c3d5bdd055d29379520fb8b3c91212e3 (diff) |
Ticket #520: Race condition may cause ioqueue corruption (thanks Philippe Leuba)
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@1905 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjlib')
-rw-r--r-- | pjlib/include/pj/list_i.h | 6 | ||||
-rw-r--r-- | pjlib/src/pj/ioqueue_select.c | 3 |
2 files changed, 9 insertions, 0 deletions
diff --git a/pjlib/include/pj/list_i.h b/pjlib/include/pj/list_i.h index b604d790..5701381f 100644 --- a/pjlib/include/pj/list_i.h +++ b/pjlib/include/pj/list_i.h @@ -75,6 +75,12 @@ PJ_IDEF(void) pj_list_merge_first(pj_list_type *lst1, pj_list_type *lst2) PJ_IDEF(void) pj_list_erase(pj_list_type *node) { pj_link_node( ((pj_list*)node)->prev, ((pj_list*)node)->next); + + /* It'll be safer to init the next/prev fields to itself, to + * prevent multiple erase() from corrupting the list. See + * ticket #520 for one sample bug. + */ + pj_list_init(node); } diff --git a/pjlib/src/pj/ioqueue_select.c b/pjlib/src/pj/ioqueue_select.c index 0d907894..fdd0d9b5 100644 --- a/pjlib/src/pj/ioqueue_select.c +++ b/pjlib/src/pj/ioqueue_select.c @@ -445,7 +445,10 @@ PJ_DEF(pj_status_t) pj_ioqueue_unregister( pj_ioqueue_key_t *key) pj_assert(ioqueue->count > 0); --ioqueue->count; +#if !PJ_IOQUEUE_HAS_SAFE_UNREG + /* Ticket #520, key will be erased more than once */ pj_list_erase(key); +#endif PJ_FD_CLR(key->fd, &ioqueue->rfdset); PJ_FD_CLR(key->fd, &ioqueue->wfdset); #if PJ_HAS_TCP |