[Asterisk-Dev] improper locking in chan_sip:: struct sip_pvt's "packets" list ?
Kevin P. Fleming
kpfleming at digium.com
Sat Dec 17 11:27:09 MST 2005
Luigi Rizzo wrote:
> Specifically, __sip_ack() navigates the list without holding
> p->lock, and only acquires that when removing the target from
> the list. There is however another procedure, retrans_pkt(),
> which can remove records from the list (correctly protected
> by the p->lock), which means that there might be
> a race condition where __sip_ack() will try to dereference
> a freed entry.
This could be an issue, if it's possible for those two code paths to run
at the same time for the same pvt structure. There may be higher-level
logic and/or circumstances that would keep that from happening... I
couldn't say without reviewing the code :-)
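
The pattern discussed in this message, as an added example that is not part of the original thread and is not Asterisk code: a list walked without the lock and locked only for the unlink, beside a version that holds the lock across both lookup and unlink. The names struct pkt, struct pvt, pkt_push, ack_unlocked_walk and ack_locked_walk are hypothetical stand-ins for the structures and functions named above.

```c
#include <pthread.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the pvt structure and its "packets" list. */
struct pkt { int seqno; struct pkt *next; };
struct pvt { pthread_mutex_t lock; struct pkt *packets; };

/* Prepend a packet under the lock; returns 0 on success. */
int pkt_push(struct pvt *p, int seqno) {
    struct pkt *n = malloc(sizeof(*n));
    if (!n) return -1;
    n->seqno = seqno;
    pthread_mutex_lock(&p->lock);
    n->next = p->packets;
    p->packets = n;
    pthread_mutex_unlock(&p->lock);
    return 0;
}

/* Pattern from the report: the walk runs unlocked, so a concurrent
 * locked remover can free 'cur' or 'prev' before they are used here.
 * Single-threaded it behaves correctly, which is why it goes unnoticed. */
int ack_unlocked_walk(struct pvt *p, int seqno) {
    struct pkt *cur, *prev = NULL;
    for (cur = p->packets; cur; prev = cur, cur = cur->next) { /* no lock */
        if (cur->seqno != seqno) continue;
        pthread_mutex_lock(&p->lock);      /* too late: pointers may be stale */
        if (prev) prev->next = cur->next; else p->packets = cur->next;
        pthread_mutex_unlock(&p->lock);
        free(cur);
        return 0;
    }
    return -1;
}

/* Lookup and unlink form one critical section; free happens after unlock,
 * when no other thread can reach the node through the list any more. */
int ack_locked_walk(struct pvt *p, int seqno) {
    struct pkt **link, *cur = NULL;
    int found;
    pthread_mutex_lock(&p->lock);
    for (link = &p->packets; *link; link = &(*link)->next) {
        if ((*link)->seqno != seqno) continue;
        cur = *link;
        *link = cur->next;                 /* unlink while still locked */
        break;
    }
    pthread_mutex_unlock(&p->lock);
    found = (cur != NULL);
    free(cur);                             /* free(NULL) is a no-op */
    return found ? 0 : -1;
}
```

With every remover written like ack_locked_walk, the list stays consistent whether or not higher-level logic already prevents the two code paths from running at the same time for the same structure.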