| 123456789101112131415161718192021222324252627282930313233343536373839404142 |
- From 1fed39fe1488abd654a5488b5e6ad59b4b973331 Mon Sep 17 00:00:00 2001
- From: nanang <nanang@localhost>
- Date: Tue, 8 Jan 2019 09:07:47 +0000
- Subject: [PATCH 1/5] Fixed #2172: Avoid double reference counter decrements in
- timer in the scenario of race condition between pj_timer_heap_cancel() and
- pj_timer_heap_poll().
- ---
- pjlib/src/pj/timer.c | 17 ++++++++++-------
- 1 file changed, 10 insertions(+), 7 deletions(-)
- diff --git a/pjlib/src/pj/timer.c b/pjlib/src/pj/timer.c
- index 90a95e37b..7bae084ef 100644
- --- a/pjlib/src/pj/timer.c
- +++ b/pjlib/src/pj/timer.c
- @@ -580,13 +580,16 @@ static int cancel_timer(pj_timer_heap_t *ht,
-
- lock_timer_heap(ht);
- count = cancel(ht, entry, flags | F_DONT_CALL);
- - if (flags & F_SET_ID) {
- - entry->id = id_val;
- - }
- - if (entry->_grp_lock) {
- - pj_grp_lock_t *grp_lock = entry->_grp_lock;
- - entry->_grp_lock = NULL;
- - pj_grp_lock_dec_ref(grp_lock);
- + if (count > 0) {
- + /* Timer entry found & cancelled */
- + if (flags & F_SET_ID) {
- + entry->id = id_val;
- + }
- + if (entry->_grp_lock) {
- + pj_grp_lock_t *grp_lock = entry->_grp_lock;
- + entry->_grp_lock = NULL;
- + pj_grp_lock_dec_ref(grp_lock);
- + }
- }
- unlock_timer_heap(ht);
-
- --
- 2.20.1
|
