projects / platform / upstream / libnice.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a3f5356)
agent: Verify the source before dereferencing the pointer
authorOlivier Crête <olivier.crete@collabora.com>
Tue, 20 Apr 2021 19:09:11 +0000 (15:09 -0400)
committerOlivier Crête <olivier.crete@collabora.com>
Tue, 20 Apr 2021 19:09:11 +0000 (15:09 -0400)
The reason is that the component object could have been destroyed in the
mean time.

agent/agent.c patch | blob | history
agent/component.c patch | blob | history

diff --git a/agent/agent.c b/agent/agent.c
index 2b9163e..40c2146 100644 (file)
--- a/agent/agent.c
+++ b/agent/agent.c
@@ -5672,25 +5672,31 @@ component_io_cb (GSocket *gsocket, GIOCondition condition, gpointer user_data)
 
   component = socket_source->component;
 
+  if (g_source_is_destroyed (g_main_current_source ())) {
+    /* Silently return FALSE. */
+    nice_debug ("%s: source %p destroyed", G_STRFUNC, g_main_current_source ());
+    return G_SOURCE_REMOVE;
+  }
+
   agent = g_weak_ref_get (&component->agent_ref);
   if (agent == NULL)
     return G_SOURCE_REMOVE;
 
   agent_lock (agent);
 
-  stream = agent_find_stream (agent, component->stream_id);
-
-  if (stream == NULL) {
-    nice_debug ("%s: stream %d destroyed", G_STRFUNC, component->stream_id);
+  if (g_source_is_destroyed (g_main_current_source ())) {
+    /* Silently return FALSE. */
+    nice_debug ("%s: source %p destroyed", G_STRFUNC, g_main_current_source ());
 
     agent_unlock (agent);
     g_object_unref (agent);
     return G_SOURCE_REMOVE;
   }
 
-  if (g_source_is_destroyed (g_main_current_source ())) {
-    /* Silently return FALSE. */
-    nice_debug ("%s: source %p destroyed", G_STRFUNC, g_main_current_source ());
+  stream = agent_find_stream (agent, component->stream_id);
+
+  if (stream == NULL) {
+    nice_debug ("%s: stream %d destroyed", G_STRFUNC, component->stream_id);
 
     agent_unlock (agent);
     g_object_unref (agent);
diff --git a/agent/component.c b/agent/component.c
index 91ded03..96450d3 100644 (file)
--- a/agent/component.c
+++ b/agent/component.c
@@ -1222,6 +1222,7 @@ nice_component_finalize (GObject *obj)
   cmp = NICE_COMPONENT (obj);
 
   /* Component should have been closed already. */
+  g_warn_if_fail (cmp->socket_sources == NULL);
   g_warn_if_fail (cmp->local_candidates == NULL);
   g_warn_if_fail (cmp->remote_candidates == NULL);
   g_warn_if_fail (g_queue_get_length (&cmp->incoming_checks) == 0);
Domain: Multimedia / Media Playback;