From: George Joseph Date: Sun, 25 Mar 2018 18:35:12 +0000 (-0600) Subject: pjroject_bundled: Add already-destroyed check to tsx_timer_callback X-Git-Tag: 15.4.0-rc1~29^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce2ea9e6aae3e457820e22a05a3f495c1d3372b8;p=thirdparty%2Fasterisk.git pjroject_bundled: Add already-destroyed check to tsx_timer_callback There have been cases that when the transaction timer callback is called the tsx is already destroyed. This causes a crash. We now check the tsx state and return if the tsx is already destroyed. Change-Id: If93acd5e48d9ca5bb553f2405d5afc836842fe1c --- diff --git a/third-party/pjproject/patches/0090-sip_transaction-In-tsx_timer_callback-check-if-tsx-i.patch b/third-party/pjproject/patches/0090-sip_transaction-In-tsx_timer_callback-check-if-tsx-i.patch new file mode 100644 index 0000000000..12df3469c2 --- /dev/null +++ b/third-party/pjproject/patches/0090-sip_transaction-In-tsx_timer_callback-check-if-tsx-i.patch @@ -0,0 +1,31 @@ +From beaa7874ff8e3b1d2951218c94e7e6bbba9c0531 Mon Sep 17 00:00:00 2001 +From: George Joseph +Date: Sun, 25 Mar 2018 12:30:05 -0600 +Subject: [PATCH] sip_transaction: In tsx_timer_callback, check if tsx is + already gone + +There have been cases that when the transaction timer callback is called +the tsx is already destroyed. This causes a crash. We now check the +tsx state and return if the tsx is already destroyed. +--- + pjsip/src/pjsip/sip_transaction.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/pjsip/src/pjsip/sip_transaction.c b/pjsip/src/pjsip/sip_transaction.c +index d52b12a72..6d4cdc65f 100644 +--- a/pjsip/src/pjsip/sip_transaction.c ++++ b/pjsip/src/pjsip/sip_transaction.c +@@ -1119,6 +1119,10 @@ static void tsx_timer_callback( pj_timer_heap_t *theap, pj_timer_entry *entry) + + PJ_UNUSED_ARG(theap); + ++ if (tsx->state >= PJSIP_TSX_STATE_DESTROYED) { ++ return; ++ } ++ + if (entry->id == TRANSPORT_ERR_TIMER) { + /* Posted transport error event */ + entry->id = 0; +-- +2.14.3 +