[libnice] libnice 1.7 crash on turn refresh retransmission
Klaus Kranz
klaus.kranz at access-company.com
Thu Dec 18 01:43:06 PST 2014
When running a long-term session, libnice wants to refresh a TURN
connection 1 min before the connection lifetime ends.
I observed a crash in agent_unlock_and_emit().
The potential issue seems to be in conncheck.c, in
priv_turn_allocate_refresh_retransmissions_tick().
In the case STUN_USAGE_TIMER_RETURN_TIMEOUT:
refresh_cancel() is called, invalidating the cand structure passed in.
At the end of priv_turn_allocate_refresh_retransmissions_tick(),
agent_unlock_and_emit( cand->agent ) is called with an invalid pointer to
agent, which leads to the crash.
Modifying the code:

    case STUN_USAGE_TIMER_RETURN_TIMEOUT:
      …
      …
      agent_unlock_and_emit( cand->agent );
      refresh_cancel( cand );
      return FALSE;
      …

seems to solve the issue.
Rgds
Klaus
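
The ordering problem described in this report, as an added example that is not part of the original message and is not libnice code: a simplified model of a timer callback whose timeout path frees its own argument. The `Agent` and `Refresh` types, `agent_lock()`, the `timed_out` flag and `demo()` are assumptions made for the example; it caches the agent pointer in a local before cancelling, an alternative to reordering the two calls as the message does.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins (assumptions), not libnice's real structures. */
typedef struct { int lock_depth; int signals_emitted; } Agent;
typedef struct { Agent *agent; int timed_out; } Refresh;

static void agent_lock(Agent *a) { a->lock_depth++; }
static void agent_unlock_and_emit(Agent *a) { a->lock_depth--; a->signals_emitted++; }

/* Models refresh_cancel(): frees cand, so cand is dangling afterwards. */
static void refresh_cancel(Refresh *cand) { free(cand); }

/* Timer callback. Returns 0 to drop the timer, 1 to keep it armed. */
static int refresh_tick(Refresh *cand) {
    Agent *agent = cand->agent;      /* read once, while cand is still valid */
    int keep_timer = 1;

    agent_lock(agent);
    if (cand->timed_out) {
        refresh_cancel(cand);
        cand = NULL;                 /* a stray cand-> now fails loudly */
        keep_timer = 0;
    }
    /* Crash pattern from the report: agent_unlock_and_emit(cand->agent)
     * here would read the agent pointer out of freed memory. */
    agent_unlock_and_emit(agent);
    return keep_timer;
}

/* Runs one tick on constructed input; returns keep_timer, or -1 if the
 * agent was not left unlocked with exactly one emit. */
static int demo(int timed_out) {
    Agent agent = {0, 0};
    Refresh *cand = malloc(sizeof *cand);
    if (cand == NULL) return -1;
    cand->agent = &agent;
    cand->timed_out = timed_out;
    int keep = refresh_tick(cand);
    if (keep) free(cand);            /* not cancelled: caller still owns it */
    if (agent.lock_depth != 0 || agent.signals_emitted != 1) return -1;
    return keep;
}

int main(void) {
    printf("timeout: keep=%d, retransmit: keep=%d\n", demo(1), demo(0));
    return 0;
}
```

Building the model with `-fsanitize=address` and restoring the `cand->agent` read after the cancel reports a heap-use-after-free at that line.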