On 1/25/08, Michael Broughton <Michael_Broughton at advanis.ca> wrote: > Hello, > > I am looking at two functions in stream.c: pjmedia_stream_destroy and > on_rx_rtp. I am trying to figure out if the following scenario is possible: > > 1. Thread A calls pjmedia_stream_destroy, which locks stream->jb_mutex. > > 2. Thread B calls on_rx_rtp, which tries to lock stream->jb_mutex but > cannot right away because thread A already holds the lock. > > 3. Thread A goes about it's work and then free's stream->jb_mutex. > > 4. Thread B, still trying to lock stream->jb_mutex, segfaults because > thread A deallocated stream->jb_mutex and zeroed out the pointer. > > > I have been trying to follow the code and it almost looks like this is > possible. Can anyone confirm or disprove this? > Hi Michael, I've got to say that the scenario looks valid, rather unfortunately. I haven't had idea on how to solve it though. cheers, -benny > Thanks, > > -- > Michael Broughton, Advanis > > Unintended Recipient & Unauthorized Use of E-Mail: > This message and attachments may contain confidential or privileged > information that is intended only for the named recipient of this > e-mail. Any unauthorized use or distribution is not permitted. If you > have received this e-mail in error, deleting the e-mail and notifying > the sender would be appreciated. Thank you. > > > _______________________________________________ > Visit our blog: http://blog.pjsip.org > > pjsip mailing list > pjsip at lists.pjsip.org > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org >
