From 5dae803eea01a0574eb34bc92933fabc69504767 Mon Sep 17 00:00:00 2001 From: Kevin Harwell Date: Thu, 10 Oct 2019 15:30:06 -0500 Subject: [PATCH] res_pjsip_mwi: potential double unref, and potential unwanted double link When creating an unsolicited MWI aggregate subscription it was possible for the subscription object to be double unref'ed. This patch removes the explicit unref as it is not needed since the RAII_VAR will handle it at function end. Less concerning there was also a bug that could potentially allow the aggregate subscription object to be added to the unsolicited container twice. This patch ensures it is added only once. ASTERISK-28575 Change-Id: I9ccfdb5ea788bc0c3618db183aae235e53c12763 --- res/res_pjsip_mwi.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/res/res_pjsip_mwi.c b/res/res_pjsip_mwi.c index d7749fab64..eb399030fd 100644 --- a/res/res_pjsip_mwi.c +++ b/res/res_pjsip_mwi.c @@ -1217,6 +1217,13 @@ static int create_unsolicited_mwi_subscriptions(struct ast_sip_endpoint *endpoin if (!aggregate_sub) { return 0; /* No MWI aggregation for you */ } + + /* + * Just in case we somehow get in the position of recreating with no previous + * aggregate object, set recreate to false here in order to allow the new + * object to be linked into the container below + */ + recreate = 0; } } @@ -1260,13 +1267,13 @@ static int create_unsolicited_mwi_subscriptions(struct ast_sip_endpoint *endpoin if (aggregate_sub) { if (ao2_container_count(aggregate_sub->stasis_subs)) { - ao2_link_flags(unsolicited_mwi, aggregate_sub, OBJ_NOLOCK); + /* Only link if we're dealing with a new aggregate object */ + if (!recreate) { + ao2_link_flags(unsolicited_mwi, aggregate_sub, OBJ_NOLOCK); + } if (send_now && sub_added) { send_notify(aggregate_sub, NULL, 0); } - } else { - /* No stasis subscriptions then no MWI data to aggregate */ - ao2_ref(aggregate_sub, -1); } } -- 2.47.2