From 7a22fc27fbf85ca27869f9e103f517de527d84f4 Mon Sep 17 00:00:00 2001 From: Mark Michelson Date: Mon, 28 Sep 2015 16:36:25 -0500 Subject: [PATCH] res_pjsip_pubsub: Prevent crashes on final NOTIFY. The SIP dialog is removed from the subscription tree when the final NOTIFY is sent. However, after the final NOTIFY is sent, the persistence update function still attempts to access the cseq from the dialog, resulting in a crash. This fix removes the subscription persistence at the same time that the dialog is removed from the subscription tree. This way, there is no attempt to update persistence when the subscription is being destroyed. Change-Id: Ibb46977a6cef9c51dc95f40f43446e3d11eed5bb --- res/res_pjsip_pubsub.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/res/res_pjsip_pubsub.c b/res/res_pjsip_pubsub.c index 3f940c2e32..03c52017b7 100644 --- a/res/res_pjsip_pubsub.c +++ b/res/res_pjsip_pubsub.c @@ -595,6 +595,7 @@ static void subscription_persistence_remove(struct sip_subscription_tree *sub_tr ast_sorcery_delete(ast_sip_get_sorcery(), sub_tree->persistence); ao2_ref(sub_tree->persistence, -1); + sub_tree->persistence = NULL; } @@ -1180,7 +1181,6 @@ static void subscription_tree_destructor(void *obj) remove_subscription(sub_tree); - subscription_persistence_remove(sub_tree); ao2_cleanup(sub_tree->endpoint); destroy_subscriptions(sub_tree->root); @@ -3279,6 +3279,7 @@ static void pubsub_on_evsub_state(pjsip_evsub *evsub, pjsip_event *event) ast_sip_dialog_set_serializer(sub_tree->dlg, NULL); ast_sip_dialog_set_endpoint(sub_tree->dlg, NULL); sub_tree->dlg = NULL; + subscription_persistence_remove(sub_tree); shutdown_subscriptions(sub_tree->root); /* Remove evsub's reference to the sub_tree */