From 48720e7def5af54aa1f07352cd292f11dfdb7ae6 Mon Sep 17 00:00:00 2001 From: George Joseph Date: Sun, 25 Mar 2018 12:35:12 -0600 Subject: pjroject_bundled: Add already-destroyed check to tsx_timer_callback There have been cases that when the transaction timer callback is called the tsx is already destroyed. This causes a crash. We now check the tsx state and return if the tsx is already destroyed. Change-Id: If93acd5e48d9ca5bb553f2405d5afc836842fe1c --- ...tion-In-tsx_timer_callback-check-if-tsx-i.patch | 31 ++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 third-party/pjproject/patches/0090-sip_transaction-In-tsx_timer_callback-check-if-tsx-i.patch diff --git a/third-party/pjproject/patches/0090-sip_transaction-In-tsx_timer_callback-check-if-tsx-i.patch b/third-party/pjproject/patches/0090-sip_transaction-In-tsx_timer_callback-check-if-tsx-i.patch new file mode 100644 index 000000000..12df3469c --- /dev/null +++ b/third-party/pjproject/patches/0090-sip_transaction-In-tsx_timer_callback-check-if-tsx-i.patch @@ -0,0 +1,31 @@ +From beaa7874ff8e3b1d2951218c94e7e6bbba9c0531 Mon Sep 17 00:00:00 2001 +From: George Joseph +Date: Sun, 25 Mar 2018 12:30:05 -0600 +Subject: [PATCH] sip_transaction: In tsx_timer_callback, check if tsx is + already gone + +There have been cases that when the transaction timer callback is called +the tsx is already destroyed. This causes a crash. We now check the +tsx state and return if the tsx is already destroyed. +--- + pjsip/src/pjsip/sip_transaction.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/pjsip/src/pjsip/sip_transaction.c b/pjsip/src/pjsip/sip_transaction.c +index d52b12a72..6d4cdc65f 100644 +--- a/pjsip/src/pjsip/sip_transaction.c ++++ b/pjsip/src/pjsip/sip_transaction.c +@@ -1119,6 +1119,10 @@ static void tsx_timer_callback( pj_timer_heap_t *theap, pj_timer_entry *entry) + + PJ_UNUSED_ARG(theap); + ++ if (tsx->state >= PJSIP_TSX_STATE_DESTROYED) { ++ return; ++ } ++ + if (entry->id == TRANSPORT_ERR_TIMER) { + /* Posted transport error event */ + entry->id = 0; +-- +2.14.3 + -- cgit v1.2.3