[asterisk-commits] kmoore: branch kmoore/stasis-mwi r382368 - /team/kmoore/stasis-mwi/main/stasis.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Mar 4 09:18:40 CST 2013


Author: kmoore
Date: Mon Mar  4 09:18:36 2013
New Revision: 382368

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=382368
Log:
Fix potential race condition

If a subscription had several dispatches queued on unsubscription, a
segfault could occur on attempted deref of a nulled topic.

Modified:
    team/kmoore/stasis-mwi/main/stasis.c

Modified: team/kmoore/stasis-mwi/main/stasis.c
URL: http://svnview.digium.com/svn/asterisk/team/kmoore/stasis-mwi/main/stasis.c?view=diff&rev=382368&r1=382367&r2=382368
==============================================================================
--- team/kmoore/stasis-mwi/main/stasis.c (original)
+++ team/kmoore/stasis-mwi/main/stasis.c Mon Mar  4 09:18:36 2013
@@ -116,8 +116,9 @@
 static void subscription_dtor(void *obj)
 {
 	struct stasis_subscription *sub = obj;
-	/* This should never be called until after we've been unsubscribed */
-	ast_assert(sub->topic == NULL);
+	/* This should never be called until after we've been unsubscribed,
+	 * which means that topic will have been reffed for the orphaned sub */
+	ao2_cleanup(sub->topic);
 	ao2_cleanup(sub->mailbox);
 	sub->mailbox = NULL;
 }
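Review bot: In subscription_dtor(), the unconditional ao2_cleanup(sub->topic) is only balanced if the destructor runs after the unsubscribe path has taken its +1 on the topic, and the ast_assert that used to guard that ordering is removed with nothing in its place. If a subscription is ever destroyed without going through unsubscribe, this drops a reference the sub never took. Consider keeping an assertion on some explicit "unsubscribed" state, since sub->topic == NULL can no longer serve as one, and set sub->topic = NULL after the cleanup the same way the next lines do for sub->mailbox.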
@@ -176,11 +177,13 @@
 
 			for (i = 0; i < topic->num_subscribers_current; ++i) {
 				if (topic->subscribers[i] == sub) {
-					sub->topic = NULL;
 					/* swap [i] with last entry; remove last entry */
 					topic->subscribers[i] = topic->subscribers[--topic->num_subscribers_current];
 					/* We can't clean up now, since the lock is held. defer to RAII */
 					cleanup_after_unlock = sub;
+					/* Now that the topic will no longer have a ref on the sub,
+					 * the sub can have a ref on the topic without creating a cyclic ref */
+					ao2_ref(sub->topic, +1);
 					return;
 				}
 			}
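Review bot: Dropping sub->topic = NULL in the match branch means an unsubscribed sub is no longer distinguishable from a live one by its topic pointer, and nothing in this hunk replaces that marker. Any code that tests sub->topic for NULL to detect an orphaned subscription will now treat it as still subscribed, and dispatches that were already queued will run against the topic after removal from topic->subscribers. It would help to state in the comment above ao2_ref(sub->topic, +1) that late dispatches are expected and safe, or to add an explicit flag set here under the lock that the dispatch path can check. Taking the reference before the swap-remove line would also make it obvious that the topic is pinned for the whole orphaning step.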



