From: Sangchul Lee <sc11.lee@samsung.com>
Date: Fri, 6 May 2022 05:24:32 +0000 (+0900)
Subject: webrtc_private: Fix crash when handling callback in idle
X-Git-Tag: submit/tizen_6.5/20220509.062256^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0ff77d7472ad30ec044b5a08371c36330ecf51a2;p=platform%2Fcore%2Fapi%2Fwebrtc.git

webrtc_private: Fix crash when handling callback in idle

It was possible to access freed memory in log.
The crash rarely happened during ITc_webrtc_create_offer_async_p().

[Version] 0.2.168
[Issue Type] Bug fix

Change-Id: Ib1da621b4c2a853f63446454b356332fd8aaed83
Signed-off-by: Sangchul Lee <sc11.lee@samsung.com>
---

diff --git a/packaging/capi-media-webrtc.spec b/packaging/capi-media-webrtc.spec
index 8d9d7aec..1acd0492 100644
--- a/packaging/capi-media-webrtc.spec
+++ b/packaging/capi-media-webrtc.spec
@@ -1,6 +1,6 @@
 Name:       capi-media-webrtc
 Summary:    A WebRTC library in Tizen Native API
-Version:    0.2.167
+Version:    0.2.168
 Release:    0
 Group:      Multimedia/API
 License:    Apache-2.0
diff --git a/src/webrtc_private.c b/src/webrtc_private.c
index 5351add0..717c3787 100644
--- a/src/webrtc_private.c
+++ b/src/webrtc_private.c
@@ -525,6 +525,7 @@ void _remove_remained_event_sources(webrtc_s *webrtc)
 void _post_state_cb_in_idle(webrtc_s *webrtc, webrtc_state_e new_state)
 {
 	idle_userdata_s *data;
+	g_autoptr(GMutexLocker) locker = NULL;
 
 	RET_IF(webrtc == NULL, "webrtc is NULL");
 
@@ -538,9 +539,8 @@ void _post_state_cb_in_idle(webrtc_s *webrtc, webrtc_state_e new_state)
 
 	webrtc->pend_state = new_state;
 
-	g_mutex_lock(&webrtc->event_src_mutex);
+	locker = g_mutex_locker_new(&webrtc->event_src_mutex);
 	webrtc->idle_cb_event_source_ids[data->type] = g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, __idle_cb, data, g_free);
-	g_mutex_unlock(&webrtc->event_src_mutex);
 
 	LOG_DEBUG("state will be changed [%s] -> [%s], source id[%u]",
 		__state_str[webrtc->state], __state_str[new_state], webrtc->idle_cb_event_source_ids[data->type]);
@@ -550,6 +550,7 @@ void _post_state_cb_in_idle(webrtc_s *webrtc, webrtc_state_e new_state)
 void _post_error_cb_in_idle(webrtc_s *webrtc, webrtc_error_e error)
 {
 	idle_userdata_s *data;
+	g_autoptr(GMutexLocker) locker = NULL;
 
 	RET_IF(webrtc == NULL, "webrtc is NULL");
 
@@ -558,9 +559,8 @@ void _post_error_cb_in_idle(webrtc_s *webrtc, webrtc_error_e error)
 	data->type = IDLE_CB_TYPE_ERROR;
 	data->new.error = error;
 
-	g_mutex_lock(&webrtc->event_src_mutex);
+	locker = g_mutex_locker_new(&webrtc->event_src_mutex);
 	webrtc->idle_cb_event_source_ids[data->type] = g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, __idle_cb, data, g_free);
-	g_mutex_unlock(&webrtc->event_src_mutex);
 
 	LOG_DEBUG("error will occur [0x%x], source id[%u]", error, webrtc->idle_cb_event_source_ids[data->type]);
 }
@@ -568,6 +568,7 @@ void _post_error_cb_in_idle(webrtc_s *webrtc, webrtc_error_e error)
 static void __post_peer_connection_state_change_cb_in_idle(webrtc_s *webrtc, webrtc_peer_connection_state_e state)
 {
 	idle_userdata_s *data;
+	g_autoptr(GMutexLocker) locker = NULL;
 
 	RET_IF(webrtc == NULL, "webrtc is NULL");
 
@@ -576,9 +577,8 @@ static void __post_peer_connection_state_change_cb_in_idle(webrtc_s *webrtc, web
 	data->type = IDLE_CB_TYPE_PEER_CONNECTION_STATE_CHANGE;
 	data->new.peer_connection_state = state;
 
-	g_mutex_lock(&webrtc->event_src_mutex);
+	locker = g_mutex_locker_new(&webrtc->event_src_mutex);
 	webrtc->idle_cb_event_source_ids[data->type] = g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, __idle_cb, data, g_free);
-	g_mutex_unlock(&webrtc->event_src_mutex);
 
 	LOG_DEBUG("connection state will be changed to [%u], source id[%u]", state, webrtc->idle_cb_event_source_ids[data->type]);
 }
@@ -587,6 +587,7 @@ static void __post_peer_connection_state_change_cb_in_idle(webrtc_s *webrtc, web
 static void __post_signaling_state_change_cb_in_idle(webrtc_s *webrtc, webrtc_signaling_state_e state)
 {
 	idle_userdata_s *data;
+	g_autoptr(GMutexLocker) locker = NULL;
 
 	RET_IF(webrtc == NULL, "webrtc is NULL");
 
@@ -595,9 +596,8 @@ static void __post_signaling_state_change_cb_in_idle(webrtc_s *webrtc, webrtc_si
 	data->type = IDLE_CB_TYPE_SIGNALING_STATE_CHANGE;
 	data->new.signaling_state = state;
 
-	g_mutex_lock(&webrtc->event_src_mutex);
+	locker = g_mutex_locker_new(&webrtc->event_src_mutex);
 	webrtc->idle_cb_event_source_ids[data->type] = g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, __idle_cb, data, g_free);
-	g_mutex_unlock(&webrtc->event_src_mutex);
 
 	LOG_DEBUG("signaling state will be changed to [%u], source id[%u]", state, webrtc->idle_cb_event_source_ids[data->type]);
 }
@@ -605,6 +605,7 @@ static void __post_signaling_state_change_cb_in_idle(webrtc_s *webrtc, webrtc_si
 static void __post_ice_gathering_state_change_cb_in_idle(webrtc_s *webrtc, webrtc_ice_gathering_state_e state)
 {
 	idle_userdata_s *data;
+	g_autoptr(GMutexLocker) locker = NULL;
 
 	RET_IF(webrtc == NULL, "webrtc is NULL");
 
@@ -613,9 +614,8 @@ static void __post_ice_gathering_state_change_cb_in_idle(webrtc_s *webrtc, webrt
 	data->type = IDLE_CB_TYPE_ICE_GATHERING_STATE_CHANGE;
 	data->new.ice_gathering_state = state;
 
-	g_mutex_lock(&webrtc->event_src_mutex);
+	locker = g_mutex_locker_new(&webrtc->event_src_mutex);
 	webrtc->idle_cb_event_source_ids[data->type] = g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, __idle_cb, data, g_free);
-	g_mutex_unlock(&webrtc->event_src_mutex);
 
 	LOG_DEBUG("ICE gathering state will be changed to [%u], source id[%u]", state, webrtc->idle_cb_event_source_ids[data->type]);
 }
@@ -624,6 +624,7 @@ static void __post_ice_gathering_state_change_cb_in_idle(webrtc_s *webrtc, webrt
 static void __post_ice_connection_state_change_cb_in_idle(webrtc_s *webrtc, webrtc_ice_connection_state_e state)
 {
 	idle_userdata_s *data;
+	g_autoptr(GMutexLocker) locker = NULL;
 
 	RET_IF(webrtc == NULL, "webrtc is NULL");
 
@@ -632,9 +633,8 @@ static void __post_ice_connection_state_change_cb_in_idle(webrtc_s *webrtc, webr
 	data->type = IDLE_CB_TYPE_ICE_CONNECTION_STATE_CHANGE;
 	data->new.ice_connection_state = state;
 
-	g_mutex_lock(&webrtc->event_src_mutex);
+	locker = g_mutex_locker_new(&webrtc->event_src_mutex);
 	webrtc->idle_cb_event_source_ids[data->type] = g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, __idle_cb, data, g_free);
-	g_mutex_unlock(&webrtc->event_src_mutex);
 
 	LOG_DEBUG("ICE connection state will be changed to [%u], source id[%u]", state, webrtc->idle_cb_event_source_ids[data->type]);
 }