From a70075ce10ab41de91d3368db78c06f70ba3747f Mon Sep 17 00:00:00 2001 From: Mark Michelson Date: Fri, 15 Feb 2013 18:42:02 +0000 Subject: [PATCH] Fix a crash that occurred when a BYE was received on a replaced dialog. Reference counting for the channel and its tech_pvt got messed up at some point between 1.8 and 11. The result was that if a BYE for a dialog that had been replaced (via an INVITE with Replaces) was received, Asterisk would crash due to trying to access data on a channel that was no longer there. The fix I introduced is to remove code that both unrefs the sip_pvt and sets the channel's tech_pvt to NULL when an INVITE with Replaces is handled. This way when a BYE is received, the tech_pvt will be non-NULL and so the BYE can be processed and not cause a crash. (closes issue ASTERISK-20929) reported by Kristopher Lalletti patches: ASTERISK-20929.patch uploaded by Mark Michelson (License #5049) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@381566 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- channels/chan_sip.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 8e43ef69e9..eb1fa152c5 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -24629,9 +24629,6 @@ static int handle_invite_replaces(struct sip_pvt *p, struct sip_request *req, st ast_setstate(c, AST_STATE_DOWN); ast_channel_unlock(c); - /* The call should be down with no ast_channel, so hang it up */ - ast_channel_tech_pvt_set(c, dialog_unref(ast_channel_tech_pvt(c), "unref dialog c->tech_pvt")); - /* c and c's tech pvt must be unlocked at this point for ast_hangup */ ast_hangup(c); /* this indicates to handle_request_do that the owner channel has already been unlocked */ -- 2.47.2