MSRP: improve port state access safety in talker propagation

lhoward · lhoward · commit 3a9288b55523 · 2025-12-06T19:54:38.000+11:00
The talker propagation logic in _onRegisterStreamIndication read port state
once at the beginning of the apply loop and then used that snapshot across
multiple await suspension points where concurrent operations could modify the
underlying state. This was particularly problematic for _canBridgeTalker, which
makes admission control decisions based on bandwidth calculations. This change
addresses the race condition by reading port state twice: once for the initial
pruning check (where a snapshot is acceptable) and again immediately before
_canBridgeTalker (to ensure bandwidth calculations use current state), reducing
the window for stale data to cause incorrect admission control decisions.
diff --git a/Sources/MRP/Applications/MSRP/MSRPApplication.swift b/Sources/MRP/Applications/MSRP/MSRPApplication.swift
@@ -899,11 +899,13 @@ extension MSRPApplication {
       guard participant.port != port else { return } // don't propagate to source port
 
       let port = participant.port
-      guard let portState = try? withPortState(port: port, { $0 }) else { return }
+
+      // Read port state for pruning check (snapshot is acceptable for this check)
+      guard let initialPortState = try? withPortState(port: port, { $0 }) else { return }
 
       guard await !_shouldPruneTalkerDeclaration(
         port: port,
-        portState: portState,
+        portState: initialPortState,
         streamID: talkerValue.streamID,
         declarationType: declarationType,
         dataFrameParameters: talkerValue.dataFrameParameters,
@@ -946,9 +948,14 @@ extension MSRPApplication {
 
       if declarationType.isTalkerAdvertise {
         do {
+          // Re-fetch port state for admission control to ensure current bandwidth calculations
+          guard let currentPortState = try? withPortState(port: port, { $0 }) else {
+            throw MSRPFailure(systemID: port.systemID, failureCode: .insufficientBridgeResources)
+          }
+
           try await _canBridgeTalker(
             participant: participant,
-            portState: portState,
+            portState: currentPortState,
             streamID: talkerValue.streamID,
             declarationType: declarationType,
             dataFrameParameters: talkerValue.dataFrameParameters,
