libs/pjproject/patches/220-Fixed-2172-Avoid-double-reference-counter-decrements.patch

   1 From 1fed39fe1488abd654a5488b5e6ad59b4b973331 Mon Sep 17 00:00:00 2001
   2 From: nanang <nanang@localhost>
   3 Date: Tue, 8 Jan 2019 09:07:47 +0000
   4 Subject: [PATCH 1/5] Fixed #2172: Avoid double reference counter decrements in
   5  timer in the scenario of race condition between pj_timer_heap_cancel() and
   6  pj_timer_heap_poll().
   7
   8 ---
   9  pjlib/src/pj/timer.c | 17 ++++++++++-------
  10  1 file changed, 10 insertions(+), 7 deletions(-)
  11
  12 --- a/pjlib/src/pj/timer.c
  13 +++ b/pjlib/src/pj/timer.c
  14 @@ -580,13 +580,16 @@ static int cancel_timer(pj_timer_heap_t
  15
  16      lock_timer_heap(ht);
  17      count = cancel(ht, entry, flags | F_DONT_CALL);
  18 -    if (flags & F_SET_ID) {
  19 -       entry->id = id_val;
  20 -    }
  21 -    if (entry->_grp_lock) {
  22 -       pj_grp_lock_t *grp_lock = entry->_grp_lock;
  23 -       entry->_grp_lock = NULL;
  24 -       pj_grp_lock_dec_ref(grp_lock);
  25 +    if (count > 0) {
  26 +       /* Timer entry found & cancelled */
  27 +       if (flags & F_SET_ID) {
  28 +           entry->id = id_val;
  29 +       }
  30 +       if (entry->_grp_lock) {
  31 +           pj_grp_lock_t *grp_lock = entry->_grp_lock;
  32 +           entry->_grp_lock = NULL;
  33 +           pj_grp_lock_dec_ref(grp_lock);
  34 +       }
  35      }
  36      unlock_timer_heap(ht);
  37