From 186a61a84e87b3e0c1d4944a3b79ad94a999b744 Mon Sep 17 00:00:00 2001 From: Benny Prijono Date: Mon, 29 Nov 2010 14:49:37 +0000 Subject: Fixed #1164: Possible crash in PUBLISH session if network connectivity is lost between two requests (thanks Nikolay Popok for the report) git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@3375 74dad513-b988-da41-8d7b-12977e46ad98 --- pjsip/src/pjsip-simple/publishc.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'pjsip/src') diff --git a/pjsip/src/pjsip-simple/publishc.c b/pjsip/src/pjsip-simple/publishc.c index 15040619..84bd19e6 100644 --- a/pjsip/src/pjsip-simple/publishc.c +++ b/pjsip/src/pjsip-simple/publishc.c @@ -74,6 +74,7 @@ struct pjsip_publishc pjsip_endpoint *endpt; pj_bool_t _delete_flag; int pending_tsx; + pj_bool_t in_callback; pj_mutex_t *mutex; pjsip_publishc_opt opt; @@ -204,7 +205,7 @@ PJ_DEF(pj_status_t) pjsip_publishc_destroy(pjsip_publishc *pubc) { PJ_ASSERT_RETURN(pubc, PJ_EINVAL); - if (pubc->pending_tsx) { + if (pubc->pending_tsx || pubc->in_callback) { pubc->_delete_flag = 1; pubc->cb = NULL; } else { @@ -554,6 +555,9 @@ static void tsx_callback(void *token, pjsip_event *event) pj_assert(pubc->pending_tsx > 0); --pubc->pending_tsx; + /* Mark that we're in callback to prevent deletion (#1164) */ + ++pubc->in_callback; + /* If publication data has been deleted by user then remove publication * data from transaction's callback, and don't call callback. */ @@ -697,6 +701,9 @@ static void tsx_callback(void *token, pjsip_event *event) pj_mutex_unlock(pubc->mutex); } + /* No longer in callback. */ + --pubc->in_callback; + /* Delete the record if user destroy pubc during the callback. */ if (pubc->_delete_flag && pubc->pending_tsx==0) { pjsip_publishc_destroy(pubc); -- cgit v1.2.3