Since the dialog timeout is not done under dialog lock, we might have…

… cases where the state is checked and is established, but until we get to update the timer, the dialog transitions to terminated & removes it from the timer. Use marker that's set under d_timer lock in order to avoid this
OpenSIPS · Nov 5, 2014 · 721e4af · 721e4af
1 parent 923f243
commit 721e4af
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/modules/dialog/dlg_timer.c b/modules/dialog/dlg_timer.c
@@ -315,15 +315,16 @@ int remove_dlg_timer(struct dlg_tl *tl)
 		return 1;
 	}
 
-	if (tl->prev==NULL || tl->next==NULL) {
+	if (tl->prev==NULL || tl->next==NULL || tl->next == FAKE_DIALOG_TL) {
 		LM_CRIT("bogus tl=%p tl->prev=%p tl->next=%p\n",
 			tl, tl->prev, tl->next);
 		lock_release( d_timer->lock);
 		return -1;
 	}
 
 	remove_dlg_timer_unsafe(tl);
-	tl->next = NULL;
+	/* mark that this dialog was one a part of the timer list */
+	tl->next = FAKE_DIALOG_TL;
 	tl->prev = NULL;
 	tl->timeout = 0;
 
@@ -377,6 +378,12 @@ int update_dlg_timer( struct dlg_tl *tl, int timeout )
 {
 	lock_get( d_timer->lock);
 
+	if ( tl->next == FAKE_DIALOG_TL ) {
+		/* previously removed from timer list - we will not add it again */
+		lock_release( d_timer->lock);
+		return 0;
+	}
+
 	if ( tl->next ) {
 		if (tl->prev==0) {
 			lock_release( d_timer->lock);