LibWebRTC TCPConnection might receive packets while its port is nullptr

https://bugs.webkit.org/show_bug.cgi?id=260705 rdar://113531400 Reviewed by Jean-Yves Avenard. According logs, we have a nullptr crash in Connection::OnReadPacket when calling Port::GetStunMessage. The current explanation is this one: 1. The connection is live and connected to the socket (which means it is a TCPConnection). 2. The connection's port is dead, which can happen if Port::DestroyConnectionAsync is called. To prevent the nullptr crash, we add a nullptr check in TCPConnection::OnReadPacket. * Source/ThirdParty/libwebrtc/Source/webrtc/p2p/base/tcp_port.cc: Canonical link: https://commits.webkit.org/267275@main
WebKit · Aug 25, 2023 · 277cc3e · 277cc3e
1 parent 192aff7
commit 277cc3e
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/Source/ThirdParty/libwebrtc/Source/webrtc/p2p/base/tcp_port.cc b/Source/ThirdParty/libwebrtc/Source/webrtc/p2p/base/tcp_port.cc
@@ -564,6 +564,14 @@ void TCPConnection::OnReadPacket(rtc::AsyncPacketSocket* socket,
                                  const rtc::SocketAddress& remote_addr,
                                  const int64_t& packet_time_us) {
   RTC_DCHECK_EQ(socket, socket_.get());
+
+#if defined(WEBRTC_WEBKIT_BUILD)
+  if (!port()) {
+    RTC_LOG(LS_WARNING) << "TCPConnection: Port has been deleted.";
+    return;
+  }
+#endif
+
   Connection::OnReadPacket(data, size, packet_time_us);
 }