[vlc-devel] [PATCH] upnp: Fix potential race during tear down.
Johan Gunnarsson
johan.gunnarsson at gmail.com
Mon Aug 19 17:46:09 CEST 2019
This patch can lead to deadlock if release() is called when there are
pending callbacks. UpnpFinish() will wait for all pending callbacks to
finish, but they can't finish since release() holds s_lock.
On Wed, 7 Aug 2019, 16:46 Hugo Beauzée-Luyssen, <hugo at beauzee.fr> wrote:
> If two threads call UpnpFinish at the same time (or more precisely, if a
> 2nd thread calls UpnpFinish before the first one sets UpnpSdkInit to 0)
> we can end up double releasing most libupnp resources
> ---
> modules/services_discovery/upnp-wrapper.cpp | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/modules/services_discovery/upnp-wrapper.cpp
> b/modules/services_discovery/upnp-wrapper.cpp
> index c001492f37..3b8037b3f1 100644
> --- a/modules/services_discovery/upnp-wrapper.cpp
> +++ b/modules/services_discovery/upnp-wrapper.cpp
> @@ -113,13 +113,12 @@ UpnpInstanceWrapper
> *UpnpInstanceWrapper::get(vlc_object_t *p_obj)
> void UpnpInstanceWrapper::release()
> {
> UpnpInstanceWrapper *p_delete = NULL;
> - vlc_mutex_lock( &s_lock );
> + vlc::threads::mutex_locker lock( &s_lock );
> if (--s_instance->m_refcount == 0)
> {
> p_delete = s_instance;
> s_instance = NULL;
> }
> - vlc_mutex_unlock( &s_lock );
> delete p_delete;
> }
>
> --
> 2.20.1
>
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20190819/8b87d30a/attachment.html>
More information about the vlc-devel
mailing list