From 2f68e69168050f1b7870147999b70fb1a32888c1 Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov@gmail.com>
Date: Wed, 11 Mar 2026 12:19:16 +0100
Subject: [PATCH] Fix data race in DebugFile class (Coverity CID 901301-901311)

Move std::lock_guard acquisition before checking fp pointer to prevent
race conditions. The previous pattern checked fp without holding the
lock, then acquired the lock and checked again, but another thread could
modify fp between the unlocked check and lock acquisition.

Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Assisted-by: Claude (Anthropic) <https://claude.ai>
---
 src/rtpstream.cpp | 30 ++++++++++++------------------
 1 file changed, 12 insertions(+), 18 deletions(-)

diff --git a/src/rtpstream.cpp b/src/rtpstream.cpp
index 8a02f582..88c93cb3 100644
--- a/src/rtpstream.cpp
+++ b/src/rtpstream.cpp
@@ -35,6 +35,7 @@
 #include <vector>
 #include <errno.h>
 #include <sstream>
+#include <fcntl.h>
 
 /* stub to add extra debugging/logging... */
 static void debugprint(const char* format, ...)
@@ -151,27 +152,20 @@ class DebugFile
 
     bool open(const char* filename)
     {
-        if (fp)
-        {
-            return true;
-        }
         std::lock_guard lock(mutex);
-        if (!fp)
-        {
-            fp = fopen(filename, "w");
-        }
+        if (fp) return true;
+        int fd = ::open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+        if (fd < 0) return false;
+        fp = fdopen(fd, "w");
         return !!fp;
     }
 
     void close()
     {
+        std::lock_guard lock(mutex);
         if (fp)
         {
-            std::lock_guard lock(mutex);
-            if (fp)
-            {
-                fclose(fp);
-            }
+            fclose(fp);
             fp = nullptr;
         }
     }
@@ -196,11 +190,11 @@ class DebugFile
     void printVector(char const *note, std::vector<unsigned long> const &v) const;
     void printf(const char* format, ...) const
     {
+        std::lock_guard lock(mutex);
         if (!fp)
         {
             return;
         }
-        std::lock_guard lock(mutex);
         va_list args;
         va_start(args, format);
         // fprintf(fp, "TID: %lu ", tid_self());
@@ -336,11 +330,11 @@ void DebugFile::printHex(
     int moreinfo
 ) const
 {
+    std::lock_guard lock(mutex);
     if (!fp || !note || !string || !rtpcheck_debug)
     {
         return;
     }
-    std::lock_guard lock(mutex);
     fprintf(fp, "TID: %lu %s %u 0x%llx %d [", tid_self(), note, size, extrainfo, moreinfo);
     for (unsigned int i = 0; i < size; i++)
     {
@@ -351,11 +345,11 @@ void DebugFile::printHex(
 
 void DebugFile::printVector(char const* note, std::vector<unsigned long> const &v) const
 {
+    std::lock_guard lock(mutex);
     if (!fp || !note || !rtpcheck_debug)
     {
         return;
     }
-    std::lock_guard lock(mutex);
     fprintf(fp, "TID: %lu %s\n", tid_self(), note);
     for (unsigned int i = 0; i < v.size(); i++)
     {
@@ -365,11 +359,11 @@ void DebugFile::printVector(char const* note, std::vector<unsigned long> const &
 
 void RtpEchoDebugFile::printReceived(unsigned char const* data, unsigned int size) const
 {
+    std::lock_guard lock(mutex);
     if (!fp || !data)
     {
         return;
     }
-    std::lock_guard lock(mutex);
     fprintf(fp, "DATA SUCCESSFULLY RECEIVED [%s] nr = %u...",
         type == Type::Audio ? "AUDIO" : "VIDEO",
         size);
@@ -382,11 +376,11 @@ void RtpEchoDebugFile::printReceived(unsigned char const* data, unsigned int siz
 
 void SrtpDebugFile::printCrypto(const SrtpInfoParams &p) const
 {
+    std::lock_guard lock(mutex);
     if (!fp)
     {
         return;
     }
-    std::lock_guard lock(mutex);
     fprintf(fp, "found                     : %d\n", p.found);
     fprintf(fp, "primary_cryptotag         : %d\n", p.primary_cryptotag);
     fprintf(fp, "secondary_cryptotag       : %d\n", p.secondary_cryptotag);