bug report of double-free crash

Hello,

PJSIP crashes on Windows in pjmedia_audiodev/wasapi_dev.cpp if something goes wrong during device initialization. The crash happens because it calls wasapi_stream_destroy twice on the same stream, but in the second call the memory has already been freed and now contains garbage, leading to an access violation.

summary of the scenario:
* init_capture_dev calls wasapi_stream_destroy on failure (line 626)
* init_playback_dev calls wasapi_stream_destroy on failure (line 766)
* wasapi_factory_create_stream also calls wasapi_stream_destroy if the call to init_capture_dev or init_playback_dev failed (line 1027 and 1035)
* wasapi_stream_destroy apparently releases memory, running it twice on the same stream causes an access violation because during the second call some pointers contain non-zero garbage

The concrete scenario which triggered the crash for me is running PJSIP in a UWP app where the user denied the app access to the microphone. However, I believe the crash isn't specific to UWP and can happen in normal desktop applications as well if something "goes wrong" during the capture or playback device initialization. In my case IAudioClient2::Initialize returned E_ACCESSDENIED, causing init_capture_dev to destroy the stream and return with an error code; the caller wasapi_factory_create_stream then tries to destroy the stream again, crashing the process.

regards,
Tobias


_______________________________________________
Visit our blog: http://blog.pjsip.org

pjsip mailing list
pjsip@xxxxxxxxxxxxxxx
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
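
Added example (not part of the original post and not PJSIP code): a small C model of the cleanup pattern the report describes, where both the init function and its caller destroy the stream on failure, beside a single-owner variant in which only the caller cleans up. All demo_* names are hypothetical, and the stream lives in static storage so that a second destroy can be counted instead of touching freed memory.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the stream object. Static storage keeps the
 * pointer valid after destroy, so the second call is observable safely. */
struct demo_stream { int live; void *capture_buf; };

static struct demo_stream g_slot;
static int g_double_destroys;  /* destroy calls on an already-destroyed stream */

static void demo_stream_destroy(struct demo_stream *s)
{
    if (!s->live) { g_double_destroys++; return; }  /* real code: garbage pointers */
    free(s->capture_buf);
    s->capture_buf = NULL;
    s->live = 0;
}

/* Pattern from the report: init destroys the stream itself on failure. */
static int demo_init_reported(struct demo_stream *s, int device_ok)
{
    if (!device_ok) { demo_stream_destroy(s); return -1; }
    return 0;
}

/* Single-owner variant: init only reports the error; the creator cleans up. */
static int demo_init_single_owner(struct demo_stream *s, int device_ok)
{
    (void)s;
    return device_ok ? 0 : -1;
}

/* The creator owns the stream and destroys it when init fails, as the report
 * describes for the factory function. Returns the double-destroy count. */
int demo_create_stream(int (*init)(struct demo_stream *, int), int device_ok)
{
    g_double_destroys = 0;
    g_slot.live = 1;
    g_slot.capture_buf = malloc(64);
    if (init(&g_slot, device_ok) != 0) {
        demo_stream_destroy(&g_slot);   /* failure path cleanup */
        return g_double_destroys;
    }
    demo_stream_destroy(&g_slot);       /* normal close, ends the demo */
    return g_double_destroys;
}

int main(void)
{
    printf("reported pattern, init fails: %d double destroy(s)\n",
           demo_create_stream(demo_init_reported, 0));
    printf("single owner, init fails:     %d double destroy(s)\n",
           demo_create_stream(demo_init_single_owner, 0));
    return 0;
}
```

Clearing pointers inside the destroy function does not help when the stream's own memory is released, which is why the variant above gives cleanup to exactly one owner.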
