From: Sangchul Lee Date: Fri, 6 May 2022 05:24:32 +0000 (+0900) Subject: webrtc_private: Fix crash when handling callback in idle X-Git-Tag: submit/tizen/20220506.064054^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F90%2F274690%2F2;p=platform%2Fcore%2Fapi%2Fwebrtc.git webrtc_private: Fix crash when handling callback in idle It was possible to access freed memory in log. The crash rarely happened during ITc_webrtc_create_offer_async_p(). [Version] 0.3.100 [Issue Type] Bug fix Change-Id: Ib1da621b4c2a853f63446454b356332fd8aaed83 Signed-off-by: Sangchul Lee --- diff --git a/packaging/capi-media-webrtc.spec b/packaging/capi-media-webrtc.spec index 6dd731b0..deddf3a7 100644 --- a/packaging/capi-media-webrtc.spec +++ b/packaging/capi-media-webrtc.spec @@ -1,6 +1,6 @@ Name: capi-media-webrtc Summary: A WebRTC library in Tizen Native API -Version: 0.3.99 +Version: 0.3.100 Release: 0 Group: Multimedia/API License: Apache-2.0 diff --git a/src/webrtc_private.c b/src/webrtc_private.c index e1133e65..0abbbd21 100644 --- a/src/webrtc_private.c +++ b/src/webrtc_private.c @@ -677,6 +677,7 @@ void _remove_remained_event_sources(webrtc_s *webrtc) void _post_state_cb_in_idle(webrtc_s *webrtc, webrtc_state_e new_state) { idle_userdata_s *data; + g_autoptr(GMutexLocker) locker = NULL; RET_IF(webrtc == NULL, "webrtc is NULL"); @@ -690,9 +691,8 @@ void _post_state_cb_in_idle(webrtc_s *webrtc, webrtc_state_e new_state) webrtc->pend_state = new_state; - g_mutex_lock(&webrtc->event_src_mutex); + locker = g_mutex_locker_new(&webrtc->event_src_mutex); webrtc->idle_cb_event_source_ids[data->type] = g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, __idle_cb, data, g_free); - g_mutex_unlock(&webrtc->event_src_mutex); LOG_DEBUG("state will be changed [%s] -> [%s], source id[%u]", __state_str[webrtc->state], __state_str[new_state], webrtc->idle_cb_event_source_ids[data->type]); @@ -702,6 +702,7 @@ void _post_state_cb_in_idle(webrtc_s *webrtc, webrtc_state_e new_state) void _post_error_cb_in_idle(webrtc_s *webrtc, webrtc_error_e error) { idle_userdata_s *data; + g_autoptr(GMutexLocker) locker = NULL; RET_IF(webrtc == NULL, "webrtc is NULL"); @@ -710,9 +711,8 @@ void _post_error_cb_in_idle(webrtc_s *webrtc, webrtc_error_e error) data->type = IDLE_CB_TYPE_ERROR; data->new.error = error; - g_mutex_lock(&webrtc->event_src_mutex); + locker = g_mutex_locker_new(&webrtc->event_src_mutex); webrtc->idle_cb_event_source_ids[data->type] = g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, __idle_cb, data, g_free); - g_mutex_unlock(&webrtc->event_src_mutex); LOG_DEBUG("error will occur [0x%x], source id[%u]", error, webrtc->idle_cb_event_source_ids[data->type]); } @@ -720,6 +720,7 @@ void _post_error_cb_in_idle(webrtc_s *webrtc, webrtc_error_e error) static void __post_peer_connection_state_change_cb_in_idle(webrtc_s *webrtc, webrtc_peer_connection_state_e state) { idle_userdata_s *data; + g_autoptr(GMutexLocker) locker = NULL; RET_IF(webrtc == NULL, "webrtc is NULL"); @@ -728,9 +729,8 @@ static void __post_peer_connection_state_change_cb_in_idle(webrtc_s *webrtc, web data->type = IDLE_CB_TYPE_PEER_CONNECTION_STATE_CHANGE; data->new.peer_connection_state = state; - g_mutex_lock(&webrtc->event_src_mutex); + locker = g_mutex_locker_new(&webrtc->event_src_mutex); webrtc->idle_cb_event_source_ids[data->type] = g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, __idle_cb, data, g_free); - g_mutex_unlock(&webrtc->event_src_mutex); LOG_DEBUG("connection state will be changed to [%u], source id[%u]", state, webrtc->idle_cb_event_source_ids[data->type]); } @@ -739,6 +739,7 @@ static void __post_peer_connection_state_change_cb_in_idle(webrtc_s *webrtc, web static void __post_signaling_state_change_cb_in_idle(webrtc_s *webrtc, webrtc_signaling_state_e state) { idle_userdata_s *data; + g_autoptr(GMutexLocker) locker = NULL; RET_IF(webrtc == NULL, "webrtc is NULL"); @@ -747,9 +748,8 @@ static void __post_signaling_state_change_cb_in_idle(webrtc_s *webrtc, webrtc_si data->type = IDLE_CB_TYPE_SIGNALING_STATE_CHANGE; data->new.signaling_state = state; - g_mutex_lock(&webrtc->event_src_mutex); + locker = g_mutex_locker_new(&webrtc->event_src_mutex); webrtc->idle_cb_event_source_ids[data->type] = g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, __idle_cb, data, g_free); - g_mutex_unlock(&webrtc->event_src_mutex); LOG_DEBUG("signaling state will be changed to [%u], source id[%u]", state, webrtc->idle_cb_event_source_ids[data->type]); } @@ -757,6 +757,7 @@ static void __post_signaling_state_change_cb_in_idle(webrtc_s *webrtc, webrtc_si static void __post_ice_gathering_state_change_cb_in_idle(webrtc_s *webrtc, webrtc_ice_gathering_state_e state) { idle_userdata_s *data; + g_autoptr(GMutexLocker) locker = NULL; RET_IF(webrtc == NULL, "webrtc is NULL"); @@ -765,9 +766,8 @@ static void __post_ice_gathering_state_change_cb_in_idle(webrtc_s *webrtc, webrt data->type = IDLE_CB_TYPE_ICE_GATHERING_STATE_CHANGE; data->new.ice_gathering_state = state; - g_mutex_lock(&webrtc->event_src_mutex); + locker = g_mutex_locker_new(&webrtc->event_src_mutex); webrtc->idle_cb_event_source_ids[data->type] = g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, __idle_cb, data, g_free); - g_mutex_unlock(&webrtc->event_src_mutex); LOG_DEBUG("ICE gathering state will be changed to [%u], source id[%u]", state, webrtc->idle_cb_event_source_ids[data->type]); } @@ -776,6 +776,7 @@ static void __post_ice_gathering_state_change_cb_in_idle(webrtc_s *webrtc, webrt static void __post_ice_connection_state_change_cb_in_idle(webrtc_s *webrtc, webrtc_ice_connection_state_e state) { idle_userdata_s *data; + g_autoptr(GMutexLocker) locker = NULL; RET_IF(webrtc == NULL, "webrtc is NULL"); @@ -784,9 +785,8 @@ static void __post_ice_connection_state_change_cb_in_idle(webrtc_s *webrtc, webr data->type = IDLE_CB_TYPE_ICE_CONNECTION_STATE_CHANGE; data->new.ice_connection_state = state; - g_mutex_lock(&webrtc->event_src_mutex); + locker = g_mutex_locker_new(&webrtc->event_src_mutex); webrtc->idle_cb_event_source_ids[data->type] = g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, __idle_cb, data, g_free); - g_mutex_unlock(&webrtc->event_src_mutex); LOG_DEBUG("ICE connection state will be changed to [%u], source id[%u]", state, webrtc->idle_cb_event_source_ids[data->type]); }