diff options
| author | Benny Prijono <bennylp@teluu.com> | 2009-10-15 04:46:39 +0000 |
|---|---|---|
| committer | Benny Prijono <bennylp@teluu.com> | 2009-10-15 04:46:39 +0000 |
| commit | f9b9637ca88a8c4af5266334e7d6d575b1d53635 (patch) | |
| tree | b68c5f9dad909b73389d2156d28c08a0b1d00ae8 /pjnath | |
| parent | 58b633f4c091118278ca9e485a56b3ee24ba7a11 (diff) | |
Fixed ticket #974: Crash if ICE session is destroyed by the application inside "on_ice_complete" with an PJ_ICE_STRANS_OP_NEGOTIATION op callback (thanks John Ridges for the report)
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@2948 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjnath')
| -rw-r--r-- | pjnath/src/pjnath/ice_session.c | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/pjnath/src/pjnath/ice_session.c b/pjnath/src/pjnath/ice_session.c index 0742cee1..e71b6946 100644 --- a/pjnath/src/pjnath/ice_session.c +++ b/pjnath/src/pjnath/ice_session.c @@ -1099,6 +1099,7 @@ static void on_timer(pj_timer_heap_t *th, pj_timer_entry *te) { pj_ice_sess *ice = (pj_ice_sess*) te->user_data; enum timer_type type = (enum timer_type)te->id; + pj_bool_t has_mutex = PJ_TRUE; PJ_UNUSED_ARG(th); @@ -1114,16 +1115,27 @@ static void on_timer(pj_timer_heap_t *th, pj_timer_entry *te) on_ice_complete(ice, PJNATH_EICENOMTIMEOUT); break; case TIMER_COMPLETION_CALLBACK: - /* Start keep-alive timer but don't send any packets yet. - * Need to do it here just in case app destroy the session - * in the callback. - */ - if (ice->ice_status == PJ_SUCCESS) - ice_keep_alive(ice, PJ_FALSE); + { + void (*on_ice_complete)(pj_ice_sess *ice, pj_status_t status); + pj_status_t ice_status; - /* Notify app about ICE completion*/ - if (ice->cb.on_ice_complete) - (*ice->cb.on_ice_complete)(ice, ice->ice_status); + /* Start keep-alive timer but don't send any packets yet. + * Need to do it here just in case app destroy the session + * in the callback. + */ + if (ice->ice_status == PJ_SUCCESS) + ice_keep_alive(ice, PJ_FALSE); + + /* Release mutex in case app destroy us in the callback */ + ice_status = ice->ice_status; + on_ice_complete = ice->cb.on_ice_complete; + has_mutex = PJ_FALSE; + pj_mutex_unlock(ice->mutex); + + /* Notify app about ICE completion*/ + if (on_ice_complete) + (*on_ice_complete)(ice, ice_status); + } break; case TIMER_START_NOMINATED_CHECK: start_nominated_check(ice); @@ -1136,7 +1148,8 @@ static void on_timer(pj_timer_heap_t *th, pj_timer_entry *te) break; } - pj_mutex_unlock(ice->mutex); + if (has_mutex) + pj_mutex_unlock(ice->mutex); } /* Send keep-alive */ |