From d74a1e78f0c0850ec6dd510d959ca3fd47428f11 Mon Sep 17 00:00:00 2001
From: Tristan Matthews <tristan.matthews@savoirfairelinux.com>
Date: Thu, 11 Aug 2011 10:06:27 -0400
Subject: [PATCH] * #6621: Fixed double free, unlock mutex in
 ManagerImpl::terminate

Also the memory pool for the SDP must be deallocated after we've destroyed
the SDP.
---
 sflphone-common/src/managerimpl.cpp | 2 +-
 sflphone-common/src/sip/sdp.cpp     | 1 -
 sflphone-common/src/sip/sipcall.cpp | 4 +++-
 sflphone-common/src/sip/sipcall.h   | 6 +++---
 sflphone-common/test/sdptest.cpp    | 1 +
 5 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/sflphone-common/src/managerimpl.cpp b/sflphone-common/src/managerimpl.cpp
index 0334461383..e53e6e75f8 100644
--- a/sflphone-common/src/managerimpl.cpp
+++ b/sflphone-common/src/managerimpl.cpp
@@ -198,7 +198,7 @@ void ManagerImpl::terminate ()
 
     _debug ("Manager: Unload audio codecs ");
     _audioCodecFactory.deleteHandlePointer();
-
+    audioLayerMutexUnlock();
 }
 
 bool ManagerImpl::isCurrentCall (const std::string& callId)
diff --git a/sflphone-common/src/sip/sdp.cpp b/sflphone-common/src/sip/sdp.cpp
index 91e44a92d2..8c4b23fba6 100644
--- a/sflphone-common/src/sip/sdp.cpp
+++ b/sflphone-common/src/sip/sdp.cpp
@@ -648,7 +648,6 @@ Sdp::~Sdp()
 
     for (iter = localAudioMediaCap_.begin(); iter != localAudioMediaCap_.end(); ++iter)
         delete *iter;
-    pj_pool_release (memPool_);
 }
 
 
diff --git a/sflphone-common/src/sip/sipcall.cpp b/sflphone-common/src/sip/sipcall.cpp
index b577d77c6e..f68b1f4651 100644
--- a/sflphone-common/src/sip/sipcall.cpp
+++ b/sflphone-common/src/sip/sipcall.cpp
@@ -48,7 +48,7 @@ SIPCall::SIPCall (const std::string& id, Call::CallType type, pj_caching_pool *c
     , _invSession (NULL)
 	, pool_(pj_pool_create(&caching_pool->factory, id.c_str(), CALL_MEMPOOL_INIT_SIZE,
                             CALL_MEMPOOL_INC_SIZE, NULL))
-    , local_sdp_(pool_)
+    , local_sdp_(new Sdp(pool_))
 {
     _debug ("SIPCall: Create new call %s", id.c_str());
 }
@@ -58,6 +58,8 @@ SIPCall::~SIPCall()
     _debug ("SIPCall: Delete call");
     _debug ("SDP: pool capacity %d", pj_pool_get_capacity (pool_));
     _debug ("SDP: pool size %d", pj_pool_get_used_size (pool_));
+    delete local_sdp_;
+    pj_pool_release (pool_);
 
     delete _audiortp;
 }
diff --git a/sflphone-common/src/sip/sipcall.h b/sflphone-common/src/sip/sipcall.h
index 083cc6f386..40c451dfad 100644
--- a/sflphone-common/src/sip/sipcall.h
+++ b/sflphone-common/src/sip/sipcall.h
@@ -33,13 +33,13 @@
 #define SIPCALL_H
 
 #include "call.h"
-#include "sdp.h"
 #include <cassert>
 
 class pjsip_evsub;
 class pj_caching_pool;
 class pj_pool_t;
 class pjsip_inv_session;
+class Sdp;
 
 namespace sfl
 {
@@ -96,7 +96,7 @@ class SIPCall : public Call
          * Return the local SDP session
          */
         Sdp* getLocalSDP (void) {
-            return &local_sdp_;
+            return local_sdp_;
         }
 
         /**
@@ -169,7 +169,7 @@ class SIPCall : public Call
         /**
          * The SDP session
          */
-        Sdp local_sdp_;
+        Sdp *local_sdp_;
 };
 
 #endif
diff --git a/sflphone-common/test/sdptest.cpp b/sflphone-common/test/sdptest.cpp
index e701b79b29..9f4a610479 100644
--- a/sflphone-common/test/sdptest.cpp
+++ b/sflphone-common/test/sdptest.cpp
@@ -114,6 +114,7 @@ void SDPTest::tearDown()
 {
 	delete _session;
 	_session = NULL;
+    pj_pool_release (_testPool);
 }
 
 
-- 
GitLab