A serious logic error that frees BRPeer twice in BRPeerManagerConnect #54
Description
This error will cause app crash
I will give some illustations to show it.
Step 1
In BRPeerManagerConnect, we do BRPeerConnect
Step 2
We assume that everything is ok in BRPeerConnect. Then, we will go into _peerThreadRoutine
Step 3
In _peerThreadRoutine we run to 1090 line. Here we assume we got the lock, then we run to 1091 line. OK, let's look back at BRPeerManagerConnect. Which line does it run ? Go to Step 4
Step 4
In BRPeerManagerConnect, we now at BRPeerConnectStatus. Let's look at BRPeerConnectStatus.
Step 5
When we want to get BRPeer status, we firstly need to get the peer's lock. You know, currently, the lock has been got in _peerThreadRoutine which at 1090 line. On the other hand, in _peerThreadRoutine we run at 1091 line. So BRPeerConnectStatus will be blocked until get the lock.
Step 6
OK, it's time for _peerThreadRoutine releasing the lock. BRPeerConnectStatus returns the BRPeerStatusDisconnected. Then we get into a situation that _peerDisconnected will be called. Switch to Step 7 to see what does it do.
Step 7
Ignore others, just look at BRPeerFree(peer); that frees BRPeer.
Step 8
Finally, let's switch back to _peerThreadRoutine. At line 1109, disconnected which is _peerDisconnected will be called again. So everyone will know its result(crash).
Solution
Actually, we can use another Status to make a difference from BRPeerStatusDisconnected