From ebc6f6efc4a83802c03679c74be36974a3dcb4e3 Mon Sep 17 00:00:00 2001 From: Guillaume Roguez <guillaume.roguez@savoirfairelinux.com> Date: Tue, 23 May 2017 15:09:24 -0400 Subject: [PATCH] dtls: fix race-condition during pkt flush Remove a race-condition on packet reorder std::map during its flush. This caused application crashes. Change-Id: I01ebf56f8cca141585f11c1090262d3b44f34544 Reviewed-by: Andreas Traczyk <andreas.traczyk@savoirfairelinux.com> --- src/security/tls_session.cpp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/security/tls_session.cpp b/src/security/tls_session.cpp index cf3fa7043d..423eca605a 100644 --- a/src/security/tls_session.cpp +++ b/src/security/tls_session.cpp @@ -962,16 +962,17 @@ TlsSession::flushRxQueue() // Loop on offset-ordered received packet until a discontinuity in sequence number while (item != std::end(reorderBuffer_) and item->first <= next_offset) { auto pkt_offset = item->first; - auto& pkt = item->second; + auto pkt = std::move(item->second); + + // Remove item before unlocking to not trash the item' relationship + next_offset = pkt_offset + 1; + item = reorderBuffer_.erase(item); if (callbacks_.onRxData) { lk.unlock(); callbacks_.onRxData(std::move(pkt)); lk.lock(); } - - next_offset = pkt_offset + 1; - item = reorderBuffer_.erase(item); } gapOffset_ = std::max(gapOffset_, next_offset); -- GitLab