[pjsip] Question about stream.c

Michael Broughton Michael_Broughton at advanis.ca
Fri Jan 25 18:32:42 EST 2008


I am looking at two functions in stream.c: pjmedia_stream_destroy and 
on_rx_rtp. I am trying to figure out if the following scenario is possible:

1. Thread A calls pjmedia_stream_destroy, which locks stream->jb_mutex.

2. Thread B calls on_rx_rtp, which tries to lock stream->jb_mutex but 
cannot right away because thread A already holds the lock.

3. Thread A goes about it's work and then free's stream->jb_mutex.

4. Thread B, still trying to lock stream->jb_mutex, segfaults because 
thread A deallocated stream->jb_mutex and zeroed out the pointer.

I have been trying to follow the code and it almost looks like this is 
possible. Can anyone confirm or disprove this?


Michael Broughton, Advanis

Unintended Recipient & Unauthorized Use of E-Mail:
This message and attachments may contain confidential or privileged
information that is intended only for the named recipient of this
e-mail. Any unauthorized use or distribution is not permitted. If you
have received this e-mail in error, deleting the e-mail and notifying
the sender would be appreciated. Thank you.

More information about the pjsip mailing list