From dd73524bf65ec277d5181cba438995ecf14c55d2 Mon Sep 17 00:00:00 2001
From: Corey Farrell <git@cfware.com>
Date: Tue, 7 Nov 2017 12:34:19 -0500
Subject: res_pjsip_t38: Better error checking for t38_create_media_state.

Change-Id: I81b2587427c6982aa3e2a3f9ad69cce8d316eb10
---
 res/res_pjsip_t38.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'res')

diff --git a/res/res_pjsip_t38.c b/res/res_pjsip_t38.c
index 48cbab37b..8f1905f6e 100644
--- a/res/res_pjsip_t38.c
+++ b/res/res_pjsip_t38.c
@@ -363,7 +363,11 @@ static struct ast_sip_session_media_state *t38_create_media_state(struct ast_sip
 	}
 
 	ast_stream_set_state(stream, AST_STREAM_STATE_SENDRECV);
-	ast_stream_topology_set_stream(media_state->topology, 0, stream);
+	if (ast_stream_topology_set_stream(media_state->topology, 0, stream)) {
+		ast_stream_free(stream);
+		ast_sip_session_media_state_free(media_state);
+		return NULL;
+	}
 
 	caps = ast_format_cap_alloc(AST_FORMAT_CAP_FLAG_DEFAULT);
 	if (!caps) {
@@ -371,9 +375,14 @@ static struct ast_sip_session_media_state *t38_create_media_state(struct ast_sip
 		return NULL;
 	}
 
-	ast_format_cap_append(caps, ast_format_t38, 0);
 	ast_stream_set_formats(stream, caps);
+	/* stream holds a reference to cap, release the local reference
+	 * now so we don't have to deal with it in the error condition. */
 	ao2_ref(caps, -1);
+	if (ast_format_cap_append(caps, ast_format_t38, 0)) {
+		ast_sip_session_media_state_free(media_state);
+		return NULL;
+	}
 
 	session_media = ast_sip_session_media_state_add(session, media_state, AST_MEDIA_TYPE_IMAGE, 0);
 	if (!session_media) {
-- 
cgit v1.2.3