Closed Bug 839941 Opened 7 years ago Closed 7 years ago
RTC use-after-free crash [@ nr_ice_peer_ctx_destroy_cb]
This happened while running the attached testcase for a very long time approx. 30 minutes. The address/port used in the testcase was not reachable during that time.

alloc: ice_ctx.c:245

    236: int nr_ice_ctx_create(char *label, UINT4 flags, nr_ice_ctx **ctxp)
    245:     if(!(ctx=RCALLOC(sizeof(nr_ice_ctx))))
    246:         ABORT(R_NO_MEMORY);

free: ice_ctx.c:366

    329: static void nr_ice_ctx_destroy_cb(NR_SOCKET s, int how, void *cb_arg)
    [...]
    366:     RFREE(ctx);

re-use: ice_peer_ctx.c:315

    301: static void nr_ice_peer_ctx_destroy_cb(NR_SOCKET s, int how, void *cb_arg)
    [...]
    315:     STAILQ_REMOVE(&pctx->ctx->peers, pctx, nr_ice_peer_ctx_, entry);
    316:
    317:     RFREE(pctx);

Tested with m-c changeset: 121432:08388ff940df -O1
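The trace above shows the peer-context destroy callback reaching back through `pctx->ctx` after the owning context was already freed. The following C model is an added illustration, not nICEr code and not the change that landed in bug 838169: it shows one defensive teardown ordering in which the owner detaches its peers before it is freed. All type and function names here are hypothetical.

```c
#include <stdlib.h>
#include <sys/queue.h>
/* Hypothetical model; these names are not nICEr's. */
struct peer;
STAILQ_HEAD(peer_list, peer);
struct ctx { struct peer_list peers; };
struct peer {
    struct ctx *ctx;            /* owner; NULL once detached */
    STAILQ_ENTRY(peer) entry;
};
struct ctx *ctx_create(void) {
    struct ctx *c = calloc(1, sizeof(*c));
    if (c) STAILQ_INIT(&c->peers);
    return c;
}

struct peer *peer_create(struct ctx *c) {
    struct peer *p = calloc(1, sizeof(*p));
    if (!p) return NULL;
    p->ctx = c;
    STAILQ_INSERT_TAIL(&c->peers, p, entry);
    return p;
}

/* Owner teardown: unlink every peer and clear its back-pointer so no
 * peer can reach the freed ctx later. Returns the number detached. */
int ctx_destroy(struct ctx *c) {
    int detached = 0;
    struct peer *p;
    while ((p = STAILQ_FIRST(&c->peers)) != NULL) {
        STAILQ_REMOVE_HEAD(&c->peers, entry);
        p->ctx = NULL;
        detached++;
    }
    free(c);
    return detached;
}

/* Peer teardown: touch the owner's list only while still attached.
 * Returns 1 if unlinked from a live ctx, 0 if the ctx was already gone. */
int peer_destroy(struct peer *p) {
    int unlinked = 0;
    if (p->ctx) {
        STAILQ_REMOVE(&p->ctx->peers, p, peer, entry);
        unlinked = 1;
    }
    free(p);
    return unlinked;
}
```

Without the `p->ctx = NULL` step in `ctx_destroy`, a peer destroyed after its owner would run `STAILQ_REMOVE` against freed memory, which is the access pattern reported at ice_peer_ctx.c:315.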
This feels like a dup; I'd swear I've seen this signature (or presumed source) before.
Let's retest after 838169 lands. It smells like it might be in the same area.
(In reply to Eric Rescorla (:ekr) from comment #3)
> Let's retest after 838169 lands. It smells like it might be in the same area.

cdiehl -- Bug 838169 has landed. Can you try to reproduce? Thanks.
I have tested it a few times again and got no crash.
OK, let's mark this closed.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Marking verified per comment 5.
Status: RESOLVED → VERIFIED
Minus for in-testsuite - well, we can't exactly run a test case in CI for 30 minutes.
Flags: in-testsuite? → in-testsuite-
Whiteboard: [WebRTC],[blocking-webrtc+] fixed by bug 838169 → [WebRTC],[blocking-webrtc+][adv-main21-] fixed by bug 838169