From c2eea791e4178e5f2e4446a5f70d81ac27cf2a0e Mon Sep 17 00:00:00 2001 From: George Joseph Date: Wed, 14 Jun 2017 10:12:21 -0600 Subject: [PATCH] res_pjsip_pubsub: Fix reference to released endpoint destroy_subscription was attempting to get the id of the subscription tree's endpoint after we'd already called ao2_cleanup on it causing a segfault. Moved the cleanup until after the debug statement and since endpoint could also be NULL at this point, check for that as well. ASTERISK-27057 #close Reported-by: Ryan Smith Change-Id: Ice0a7727f560cf204d870a774c6df71e159b1678 --- res/res_pjsip_pubsub.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/res/res_pjsip_pubsub.c b/res/res_pjsip_pubsub.c index fbb1ad4e88..c62bddd56c 100644 --- a/res/res_pjsip_pubsub.c +++ b/res/res_pjsip_pubsub.c @@ -1108,7 +1108,9 @@ static void remove_subscription(struct sip_subscription_tree *obj) static void destroy_subscription(struct ast_sip_subscription *sub) { ast_debug(3, "Destroying SIP subscription from '%s->%s'\n", - ast_sorcery_object_get_id(sub->tree->endpoint), sub->resource); + sub->tree->endpoint ? ast_sorcery_object_get_id(sub->tree->endpoint) : "Unknown", + sub->resource); + ast_free(sub->body_text); AST_VECTOR_FREE(&sub->children); @@ -1265,14 +1267,14 @@ static void subscription_tree_destructor(void *obj) sub_tree->endpoint ? ast_sorcery_object_get_id(sub_tree->endpoint) : "Unknown", sub_tree->root ? sub_tree->root->resource : "Unknown"); - ao2_cleanup(sub_tree->endpoint); - destroy_subscriptions(sub_tree->root); if (sub_tree->dlg) { ast_sip_push_task_synchronous(sub_tree->serializer, subscription_unreference_dialog, sub_tree); } + ao2_cleanup(sub_tree->endpoint); + ast_taskprocessor_unreference(sub_tree->serializer); ast_module_unref(ast_module_info->self); }