diff options
author | Benny Prijono <bennylp@teluu.com> | 2009-06-25 13:01:06 +0000 |
---|---|---|
committer | Benny Prijono <bennylp@teluu.com> | 2009-06-25 13:01:06 +0000 |
commit | d1db8d7827f6895ec197cb899bc07fc32bb8628b (patch) | |
tree | a9df477ca75814fc7b7626538d0e59af49f84dfb | |
parent | 14019b1222124fd2801c7494680afd8a42818499 (diff) |
Ticket #787: Crash when UAC invite or subscribe session initialization fails (thanks Rostislav Molodyko for the report)
- backported changes from #786
git-svn-id: http://svn.pjsip.org/repos/pjproject/branches/1.0@2811 74dad513-b988-da41-8d7b-12977e46ad98
-rw-r--r-- | pjsip/src/pjsip-ua/sip_inv.c | 4 | ||||
-rw-r--r-- | pjsip/src/pjsua-lib/pjsua_call.c | 16 | ||||
-rw-r--r-- | pjsip/src/pjsua-lib/pjsua_pres.c | 13 |
3 files changed, 27 insertions, 6 deletions
diff --git a/pjsip/src/pjsip-ua/sip_inv.c b/pjsip/src/pjsip-ua/sip_inv.c index cd371daf..fc489440 100644 --- a/pjsip/src/pjsip-ua/sip_inv.c +++ b/pjsip/src/pjsip-ua/sip_inv.c @@ -1367,8 +1367,10 @@ PJ_DEF(pj_status_t) pjsip_inv_invite( pjsip_inv_session *inv, const pjmedia_sdp_session *offer; status = pjmedia_sdp_neg_get_neg_local(inv->neg, &offer); - if (status != PJ_SUCCESS) + if (status != PJ_SUCCESS) { + pjsip_tx_data_dec_ref(tdata); goto on_return; + } tdata->msg->body = create_sdp_body(tdata->pool, offer); } diff --git a/pjsip/src/pjsua-lib/pjsua_call.c b/pjsip/src/pjsua-lib/pjsua_call.c index 2276da3e..a55b6bb7 100644 --- a/pjsip/src/pjsua-lib/pjsua_call.c +++ b/pjsip/src/pjsua-lib/pjsua_call.c @@ -448,6 +448,11 @@ PJ_DEF(pj_status_t) pjsua_call_make_call( pjsua_acc_id acc_id, return status; } + /* Increment the dialog's lock otherwise when invite session creation + * fails the dialog will be destroyed prematurely. + */ + pjsip_dlg_inc_lock(dlg); + /* Calculate call's secure level */ call->secure_level = get_secure_level(acc_id, dest_uri); @@ -538,11 +543,10 @@ PJ_DEF(pj_status_t) pjsua_call_make_call( pjsua_acc_id acc_id, pjsua_perror(THIS_FILE, "Unable to send initial INVITE request", status); - /* Upon failure to send first request, both dialog and invite + /* Upon failure to send first request, the invite * session would have been cleared. */ inv = NULL; - dlg = NULL; goto on_error; } @@ -551,6 +555,7 @@ PJ_DEF(pj_status_t) pjsua_call_make_call( pjsua_acc_id acc_id, if (p_call_id) *p_call_id = call_id; + pjsip_dlg_dec_lock(dlg); pj_pool_release(tmp_pool); PJSUA_UNLOCK(); @@ -558,10 +563,13 @@ PJ_DEF(pj_status_t) pjsua_call_make_call( pjsua_acc_id acc_id, on_error: + if (dlg) { + /* This may destroy the dialog */ + pjsip_dlg_dec_lock(dlg); + } + if (inv != NULL) { pjsip_inv_terminate(inv, PJSIP_SC_OK, PJ_FALSE); - } else if (dlg) { - pjsip_dlg_terminate(dlg); } if (call_id != -1) { diff --git a/pjsip/src/pjsua-lib/pjsua_pres.c b/pjsip/src/pjsua-lib/pjsua_pres.c index c0461bd4..2eb78230 100644 --- a/pjsip/src/pjsua-lib/pjsua_pres.c +++ b/pjsip/src/pjsua-lib/pjsua_pres.c @@ -1442,13 +1442,21 @@ static void subscribe_buddy_presence(unsigned index) return; } + /* Increment the dialog's lock otherwise when presence session creation + * fails the dialog will be destroyed prematurely. + */ + pjsip_dlg_inc_lock(buddy->dlg); + status = pjsip_pres_create_uac( buddy->dlg, &pres_callback, PJSIP_EVSUB_NO_EVENT_ID, &buddy->sub); if (status != PJ_SUCCESS) { pjsua_var.buddy[index].sub = NULL; pjsua_perror(THIS_FILE, "Unable to create presence client", status); - pjsip_dlg_terminate(buddy->dlg); + /* This should destroy the dialog since there's no session + * referencing it + */ + pjsip_dlg_dec_lock(buddy->dlg); if (tmp_pool) pj_pool_release(tmp_pool); return; } @@ -1481,6 +1489,7 @@ static void subscribe_buddy_presence(unsigned index) status = pjsip_pres_initiate(buddy->sub, -1, &tdata); if (status != PJ_SUCCESS) { + pjsip_dlg_dec_lock(buddy->dlg); if (buddy->sub) { pjsip_pres_terminate(buddy->sub, PJ_FALSE); } @@ -1495,6 +1504,7 @@ static void subscribe_buddy_presence(unsigned index) status = pjsip_pres_send_request(buddy->sub, tdata); if (status != PJ_SUCCESS) { + pjsip_dlg_dec_lock(buddy->dlg); if (buddy->sub) { pjsip_pres_terminate(buddy->sub, PJ_FALSE); } @@ -1505,6 +1515,7 @@ static void subscribe_buddy_presence(unsigned index) return; } + pjsip_dlg_dec_lock(buddy->dlg); if (tmp_pool) pj_pool_release(tmp_pool); } |