[pulseaudio-commits] 2 commits - src/modules src/pulsecore
David Henningsson
diwic at kemper.freedesktop.org
Fri Mar 27 06:35:44 PDT 2015
src/modules/bluetooth/module-bluez5-device.c | 2 -
src/pulsecore/thread-mq.c | 32 +++++++++++++++++++--------
2 files changed, 24 insertions(+), 10 deletions(-)
New commits:
commit ff329cdabb9ed5864ff6821aaab137844f9940d5
Author: Sagar Nageshmurthy <s.nageshmurt at samsung.com>
Date: Tue Mar 24 17:17:03 2015 +0530
Fix: Prevent calling pa_rtpoll_free() for a NULL rtpoll
Flushing the asyncmsgq can cause arbitrarily callbacks to run, potentially
causing recursion into pa_thread_mq_done again. Because of this; rtpoll which
is cleared in the second iteration is tried to free once again by the first
iteration leading to PA crash.
diff --git a/src/modules/bluetooth/module-bluez5-device.c b/src/modules/bluetooth/module-bluez5-device.c
index 7238e6f..6ebcda2 100644
--- a/src/modules/bluetooth/module-bluez5-device.c
+++ b/src/modules/bluetooth/module-bluez5-device.c
@@ -1575,9 +1575,9 @@ static void stop_thread(struct userdata *u) {
}
if (u->rtpoll) {
- pa_thread_mq_done(&u->thread_mq);
pa_rtpoll_free(u->rtpoll);
u->rtpoll = NULL;
+ pa_thread_mq_done(&u->thread_mq);
}
if (u->transport) {
commit 498689926fc3a13207ec07128339972cdbb2eefc
Author: David Henningsson <david.henningsson at canonical.com>
Date: Mon Mar 23 14:39:52 2015 +0100
thread-mq: Make pa_thread_mq_done more robust
While investigating bug 89672 it was found that pa_thread_mq_done
was called recursively. Regardless of whether the recursion should
be stopped by other means, it seems to make sense to make
pa_thread_mq_done more robust so that it can be called twice
(and even recursively) without harm.
BugLink: https://bugs.freedesktop.org/show_bug.cgi?id=89672
Signed-off-by: David Henningsson <david.henningsson at canonical.com>
diff --git a/src/pulsecore/thread-mq.c b/src/pulsecore/thread-mq.c
index d00641d..f4489ac 100644
--- a/src/pulsecore/thread-mq.c
+++ b/src/pulsecore/thread-mq.c
@@ -148,21 +148,35 @@ void pa_thread_mq_done(pa_thread_mq *q) {
* msgs, other stuff). Hence do so if we aren't currently
* dispatching anyway. */
- if (!pa_asyncmsgq_dispatching(q->outq))
- pa_asyncmsgq_flush(q->outq, true);
+ if (q->outq && !pa_asyncmsgq_dispatching(q->outq)) {
+ /* Flushing the asyncmsgq can cause arbitrarily callbacks to run,
+ potentially causing recursion into pa_thread_mq_done again. */
+ pa_asyncmsgq *z = q->outq;
+ pa_asyncmsgq_ref(z);
+ pa_asyncmsgq_flush(z, true);
+ pa_asyncmsgq_unref(z);
+ }
- q->main_mainloop->io_free(q->read_main_event);
- q->main_mainloop->io_free(q->write_main_event);
- q->read_main_event = q->write_main_event = NULL;
+ if (q->main_mainloop) {
+ if (q->read_main_event)
+ q->main_mainloop->io_free(q->read_main_event);
+ if (q->write_main_event)
+ q->main_mainloop->io_free(q->write_main_event);
+ q->read_main_event = q->write_main_event = NULL;
+ }
if (q->thread_mainloop) {
- q->thread_mainloop->io_free(q->read_thread_event);
- q->thread_mainloop->io_free(q->write_thread_event);
+ if (q->read_thread_event)
+ q->thread_mainloop->io_free(q->read_thread_event);
+ if (q->write_thread_event)
+ q->thread_mainloop->io_free(q->write_thread_event);
q->read_thread_event = q->write_thread_event = NULL;
}
- pa_asyncmsgq_unref(q->inq);
- pa_asyncmsgq_unref(q->outq);
+ if (q->inq)
+ pa_asyncmsgq_unref(q->inq);
+ if (q->outq)
+ pa_asyncmsgq_unref(q->outq);
q->inq = q->outq = NULL;
q->main_mainloop = NULL;
More information about the pulseaudio-commits
mailing list