[Asterisk-code-review] pjsip: Include timer patch to prevent cancelling timer 0. (asterisk[13])

Joshua Colp asteriskteam at digium.com
Mon Jul 13 04:43:33 CDT 2020


Joshua Colp has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/14635 )


Change subject: pjsip: Include timer patch to prevent cancelling timer 0.
......................................................................

pjsip: Include timer patch to prevent cancelling timer 0.

I noticed this while looking at another issue and brought
it up with Teluu. It was possible for an uninitialized timer
to be cancelled, resulting in the invalid timer id of 0
being placed into the timer heap, causing issues.

This change is a backport from the pjproject repository
preventing this from happening.

Change-Id: I1ba318b1f153a6dd7458846396e2867282b428e7
---
A third-party/pjproject/patches/0020-pjlib_cancel_timer_0.patch
1 file changed, 39 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/35/14635/1

diff --git a/third-party/pjproject/patches/0020-pjlib_cancel_timer_0.patch b/third-party/pjproject/patches/0020-pjlib_cancel_timer_0.patch
new file mode 100644
index 0000000..09f72d8
--- /dev/null
+++ b/third-party/pjproject/patches/0020-pjlib_cancel_timer_0.patch
@@ -0,0 +1,39 @@
+commit 40dd48d10911f4ff9b8dfbf16428fbc9acc434ba
+Author: Riza Sulistyo <trengginas at users.noreply.github.com>
+Date:   Thu Jul 9 17:47:24 2020 +0700
+
+    Modify timer_id check on cancel() (#2463)
+    
+    * modify timer_id check on cancel().
+    
+    * modification based on comments.
+
+diff --git a/pjlib/include/pj/timer.h b/pjlib/include/pj/timer.h
+index b738a6e76..4b76ab65d 100644
+--- a/pjlib/include/pj/timer.h
++++ b/pjlib/include/pj/timer.h
+@@ -120,7 +120,10 @@ typedef struct pj_timer_entry
+ 
+     /** 
+      * Internal unique timer ID, which is assigned by the timer heap. 
+-     * Application should not touch this ID.
++     * Positive values indicate that the timer entry is running, 
++     * while -1 means that it's not. Any other value may indicate that it 
++     * hasn't been properly initialised or is in a bad state.
++     * Application should not touch this ID. 
+      */
+     pj_timer_id_t _timer_id;
+ 
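Review bot: the reworded `_timer_id` comment in timer.h never names 0, the value this backport is about, and leaves it under "any other value". Since the commit message says the failure came from an uninitialized timer carrying id 0, the comment should say explicitly that 0 is not a valid id and that cancelling such an entry is treated as cancelling a timer that is not running, so readers do not have to infer it from the `< 1` test in timer.c. The re-added line "Application should not touch this ID. " also gains trailing whitespace, which could be dropped if Asterisk ever carries a local variant of this patch.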
+diff --git a/pjlib/src/pj/timer.c b/pjlib/src/pj/timer.c
+index 66516fce8..34966c481 100644
+--- a/pjlib/src/pj/timer.c
++++ b/pjlib/src/pj/timer.c
+@@ -535,7 +535,7 @@ static int cancel( pj_timer_heap_t *ht,
+     PJ_CHECK_STACK();
+ 
+     // Check to see if the timer_id is out of range
+-    if (entry->_timer_id < 0 || (pj_size_t)entry->_timer_id > ht->max_size) {
++    if (entry->_timer_id < 1 || (pj_size_t)entry->_timer_id >= ht->max_size) {
+ 	entry->_timer_id = -1;
+     	return 0;
+     }
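Review bot: the upper bound in cancel() is tightened from `> ht->max_size` to `>= ht->max_size` in the same line that fixes the lower bound, but the subject and commit message only talk about timer 0. Please confirm that an id equal to `ht->max_size` can never be handed out by the heap, because after this change such an entry would have its `_timer_id` reset to -1 and cancel() would return 0 without removing it. A sentence in the commit message covering the upper bound would make the backport easier to audit. The existing comment above the check ("out of range") could also mention that 0 is now rejected, and since the branch silently returns 0, callers that cancel an uninitialized entry stay invisible; a debug log or assertion there would help find them.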

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/14635
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Change-Id: I1ba318b1f153a6dd7458846396e2867282b428e7
Gerrit-Change-Number: 14635
Gerrit-PatchSet: 1
Gerrit-Owner: Joshua Colp <jcolp at sangoma.com>
Gerrit-MessageType: newchange