diff options
| author | Benny Prijono <bennylp@teluu.com> | 2009-12-10 05:16:23 +0000 |
|---|---|---|
| committer | Benny Prijono <bennylp@teluu.com> | 2009-12-10 05:16:23 +0000 |
| commit | 019165da431955c0f225ce32f0a5f4ad913141dd (patch) | |
| tree | 98652c09a011bcc751c3b9c97715e601c5ba4e97 | |
| parent | d6a96e877ad72c410af8e48f1c13ab4bb64c0443 (diff) | |
Ticket #1002: Crash when adding/removing buddies (thanks Nikolay Popok and Robert Cichielo for the reports)
- the timer associated with a buddy is not removed when buddy is deleted, causing crash later on in timer heap. Fixed.
- when fails to send the initial SUBSCRIBE request, the dialog associated with buddy subscription will have been destroyed in the callback, causing any subsequent "pjsip_dlg_dec_lock(buddy->dlg)" call to crash. Fixed by protecting the call with "if (buddy->dlg)".
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@3031 74dad513-b988-da41-8d7b-12977e46ad98
| -rw-r--r-- | pjsip/src/pjsip/sip_dialog.c | 2 | ||||
| -rw-r--r-- | pjsip/src/pjsua-lib/pjsua_pres.c | 18 |
2 files changed, 14 insertions, 6 deletions
diff --git a/pjsip/src/pjsip/sip_dialog.c b/pjsip/src/pjsip/sip_dialog.c index 7514616a..f7afde96 100644 --- a/pjsip/src/pjsip/sip_dialog.c +++ b/pjsip/src/pjsip/sip_dialog.c @@ -854,6 +854,8 @@ PJ_DEF(pj_status_t) pjsip_dlg_try_inc_lock(pjsip_dialog *dlg) */ PJ_DEF(void) pjsip_dlg_dec_lock(pjsip_dialog *dlg) { + PJ_ASSERT_ON_FAIL(dlg!=NULL, return); + PJ_LOG(6,(dlg->obj_name, "Entering pjsip_dlg_dec_lock(), sess_count=%d", dlg->sess_count)); diff --git a/pjsip/src/pjsua-lib/pjsua_pres.c b/pjsip/src/pjsua-lib/pjsua_pres.c index effa4010..e74ee406 100644 --- a/pjsip/src/pjsua-lib/pjsua_pres.c +++ b/pjsip/src/pjsua-lib/pjsua_pres.c @@ -508,6 +508,12 @@ PJ_DEF(pj_status_t) pjsua_buddy_del(pjsua_buddy_id buddy_id) pjsua_var.buddy[buddy_id].uri.slen = 0; pjsua_var.buddy_cnt--; + /* Clear timer */ + if (pjsua_var.buddy[buddy_id].timer.id) { + pjsua_cancel_timer(&pjsua_var.buddy[buddy_id].timer); + pjsua_var.buddy[buddy_id].timer.id = PJ_FALSE; + } + /* Reset buddy struct */ reset_buddy(buddy_id); @@ -1728,7 +1734,7 @@ static void subscribe_buddy_presence(pjsua_buddy_id buddy_id) /* This should destroy the dialog since there's no session * referencing it */ - pjsip_dlg_dec_lock(buddy->dlg); + if (buddy->dlg) pjsip_dlg_dec_lock(buddy->dlg); if (tmp_pool) pj_pool_release(tmp_pool); return; } @@ -1761,7 +1767,7 @@ static void subscribe_buddy_presence(pjsua_buddy_id buddy_id) status = pjsip_pres_initiate(buddy->sub, -1, &tdata); if (status != PJ_SUCCESS) { - pjsip_dlg_dec_lock(buddy->dlg); + if (buddy->dlg) pjsip_dlg_dec_lock(buddy->dlg); if (buddy->sub) { pjsip_pres_terminate(buddy->sub, PJ_FALSE); } @@ -1776,7 +1782,7 @@ static void subscribe_buddy_presence(pjsua_buddy_id buddy_id) status = pjsip_pres_send_request(buddy->sub, tdata); if (status != PJ_SUCCESS) { - pjsip_dlg_dec_lock(buddy->dlg); + if (buddy->dlg) pjsip_dlg_dec_lock(buddy->dlg); if (buddy->sub) { pjsip_pres_terminate(buddy->sub, PJ_FALSE); } @@ -2009,7 +2015,7 @@ void pjsua_start_mwi(pjsua_acc *acc) if (status != PJ_SUCCESS) { pjsua_perror(THIS_FILE, "Error creating MWI subscription", status); if (tmp_pool) pj_pool_release(tmp_pool); - pjsip_dlg_dec_lock(acc->mwi_dlg); + if (acc->mwi_dlg) pjsip_dlg_dec_lock(acc->mwi_dlg); return; } @@ -2041,7 +2047,7 @@ void pjsua_start_mwi(pjsua_acc *acc) status = pjsip_mwi_initiate(acc->mwi_sub, -1, &tdata); if (status != PJ_SUCCESS) { - pjsip_dlg_dec_lock(acc->mwi_dlg); + if (acc->mwi_dlg) pjsip_dlg_dec_lock(acc->mwi_dlg); if (acc->mwi_sub) { pjsip_pres_terminate(acc->mwi_sub, PJ_FALSE); } @@ -2057,7 +2063,7 @@ void pjsua_start_mwi(pjsua_acc *acc) status = pjsip_pres_send_request(acc->mwi_sub, tdata); if (status != PJ_SUCCESS) { - pjsip_dlg_dec_lock(acc->mwi_dlg); + if (acc->mwi_dlg) pjsip_dlg_dec_lock(acc->mwi_dlg); if (acc->mwi_sub) { pjsip_pres_terminate(acc->mwi_sub, PJ_FALSE); } |