GNOME Bugzilla – Bug 737110
rtsp-client: race condition when closing client connection
Last modified: 2014-09-24 10:41:32 UTC
Created attachment 286804 [details] [review] rtsp-client: do not free main context before rtsp watch There is a rare race condition which can lead to a crash when closing the connection. The problem is basically that the clients main context can be freed before/while the rtsp watch is destroyed: gst_rtsp_client_close () drops all references to the rtsp watch by calling g_source_destroy() and g_source_unref(). Which on the other hand will trigger GLib to call the GSource finalize function, client_watch_notify(). client_watch_notify() drops the ref to the main context owned by the client object and emits the CLOSED signal. This will result in a call to unmanage_client() in the server object. unmanage_client() adds an idle source which among other things will drop the last ref to the client main context. Most of the time the idle source is scheduled after client_watch_notify() returns and g_source_unref_internal () has finished using the context mutex. But the source can also be dispatched while g_source_unref_internal () is still not done.
commit 17f5785638edd7af241dc028ccb91331498b2cfb Author: Ognyan Tonchev <ognyan@axis.com> Date: Mon Sep 22 13:32:06 2014 +0200 rtsp-client: do not free main context before rtsp watch https://bugzilla.gnome.org/show_bug.cgi?id=737110