Fixed #1164: Possible crash in PUBLISH session if network connectivity is lost between two requests (thanks Nikolay Popok for the report)
git-svn-id: https://svn.pjsip.org/repos/pjproject/trunk@3375 74dad513-b988-da41-8d7b-12977e46ad98
diff --git a/pjsip/src/pjsip-simple/publishc.c b/pjsip/src/pjsip-simple/publishc.c
index 1504061..84bd19e 100644
--- a/pjsip/src/pjsip-simple/publishc.c
+++ b/pjsip/src/pjsip-simple/publishc.c
@@ -74,6 +74,7 @@
pjsip_endpoint *endpt;
pj_bool_t _delete_flag;
int pending_tsx;
+ pj_bool_t in_callback;
pj_mutex_t *mutex;
pjsip_publishc_opt opt;
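Review bot: `in_callback` is declared `pj_bool_t` here, but the later hunks modify it with `++pubc->in_callback` and `--pubc->in_callback`, so it behaves as a nesting counter rather than a flag. Declaring it `int in_callback;` like `pending_tsx` above it would match that use, with a comment such as `/* >0 while the user callback is running; destroy is deferred */`. The struct definition starts and ends outside the hunk, so how the field is zero-initialised is not visible here and should be confirmed.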
@@ -204,7 +205,7 @@
{
PJ_ASSERT_RETURN(pubc, PJ_EINVAL);
- if (pubc->pending_tsx) {
+ if (pubc->pending_tsx || pubc->in_callback) {
pubc->_delete_flag = 1;
pubc->cb = NULL;
} else {
@@ -554,6 +555,9 @@
pj_assert(pubc->pending_tsx > 0);
--pubc->pending_tsx;
+ /* Mark that we're in callback to prevent deletion (#1164) */
+ ++pubc->in_callback;
+
/* If publication data has been deleted by user then remove publication
* data from transaction's callback, and don't call callback.
*/
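Review bot: The `++pubc->in_callback` added after `--pubc->pending_tsx` is balanced only by the `--pubc->in_callback` in the last hunk, roughly 150 lines further down in what appears to be the same function. If any `return` or jump between those two points exists in the part the diff does not show, the counter stays non-zero, and `pjsip_publishc_destroy()` would then only set `_delete_flag` and never release the record. It is worth confirming there is a single exit path, or moving the decrement to a common exit label. The function body starts and ends outside the hunk.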
@@ -697,6 +701,9 @@
pj_mutex_unlock(pubc->mutex);
}
+ /* No longer in callback. */
+ --pubc->in_callback;
+
/* Delete the record if user destroy pubc during the callback. */
if (pubc->_delete_flag && pubc->pending_tsx==0) {
pjsip_publishc_destroy(pubc);
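Review bot: `--pubc->in_callback` runs after the `pj_mutex_unlock(pubc->mutex)` visible just above it, and the test added in `pjsip_publishc_destroy()` (`pubc->pending_tsx || pubc->in_callback`) reads the field with no lock shown in that hunk. If destroy can be called from a thread other than the one running this callback, that read can race with the decrement and with the `_delete_flag` check that follows. The record could then be freed while this function is still using it, or never freed at all. If the design assumes destroy is only called from the callback thread, a comment saying so next to the counter would help; otherwise the counter update and the delete check should happen under `pubc->mutex`. The enclosing function starts outside the hunk, so the locking above this point is inferred.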