From 142d4fefb8db0ac2c30b18f75dc415093fb77f27 Mon Sep 17 00:00:00 2001
From: Filip Jenicek
Date: Tue, 8 Dec 2015 08:57:22 +0100
Subject: chan_sip: Check sip_pvt pointer in ast_channel_get_t38_state(c)

Asterisk may crash when calling ast_channel_get_t38_state(c) on a locked channel which is being hung up.

ASTERISK-25609 #close

Change-Id: Ifaa707c04b865a290ffab719bd2e5c48ff667c7b
---
 channels/chan_sip.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index c54224570..9bc15bbbc 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -4752,6 +4752,11 @@ static int sip_queryoption(struct ast_channel *chan, int option, void *data, int
 struct sip_pvt *p = (struct sip_pvt *) ast_channel_tech_pvt(chan);
 char *cp;
+ if (!p) {
+ ast_debug(1, "Attempt to Ref a null pointer. Sip private structure is gone!\n");
+ return -1;
+ }
+
 sip_pvt_lock(p);
 switch (option) {
-- 
cgit v1.2.3
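Review bot: The debug text in the added `if (!p)` branch says "Attempt to Ref a null pointer", but nothing is ref'd at this point, and the message names neither the channel nor the option, so a hangup race that reaches this path is hard to trace in logs. Something like `ast_debug(1, "%s: sip_pvt already gone, cannot query option %d\n", ast_channel_name(chan), option);` would make the event attributable. The guard also covers only a NULL tech_pvt: `p` is read without taking a reference, so whether it can be released between the read and `sip_pvt_lock(p)` depends on the caller holding the channel lock, which this hunk does not show. A short comment above the check stating that assumption would help the next reader. The body of sip_queryoption continues past the end of the hunk.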