Possible bug in BasicTaskScheduler0
Jörg Dommaschk
j.dommaschk at instar.com
Mon Oct 30 00:57:13 PDT 2023
Hello,
I think I may have found a bug: In BasicTaskScheduler0::deleteEventTrigger in BasicTaskScheduler0.cpp in the lines 126 and 128, fTriggersAwaitingHandling[fLastUsedTriggerNum] is cleared/set to False. If I understand things correctly - and I might very well not - shouldn't this be fTriggersAwaitingHandling[i] instead?
If my understanding is correct, by using fLastUsedTriggerNum as the index, not the correct fTriggersAwaitingHandling would be cleared/set to False. This can be bad when later a new client connects and happens to be assigned the same eventTriggerId again, i.e. another call to BasicTaskScheduler0::createEventTrigger returns the same eventTriggerId.
In that case, in the time between this call to BasicTaskScheduler0::createEventTrigger and the new client's first call to BasicTaskScheduler0::triggerEvent, line 191/194 in BasicTaskScheduler::SingleStep could already trigger because the asociated fTriggersAwaitingHandling was not cleared, and line 197 triggers because we just assigned some fTriggeredEventHandlers here, so the handler is called with its client data being NULL, which can result in a crash if the handler being called is e.g. DeviceSource::deliverFrame0.
Regards
Jay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.live555.com/pipermail/live-devel/attachments/20231030/481396f6/attachment.htm>
More information about the live-devel
mailing list