From beaa7874ff8e3b1d2951218c94e7e6bbba9c0531 Mon Sep 17 00:00:00 2001 From: George Joseph Date: Sun, 25 Mar 2018 12:30:05 -0600 Subject: [PATCH] sip_transaction: In tsx_timer_callback, check if tsx is already gone There have been cases that when the transaction timer callback is called the tsx is already destroyed. This causes a crash. We now check the tsx state and return if the tsx is already destroyed. --- pjsip/src/pjsip/sip_transaction.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pjsip/src/pjsip/sip_transaction.c b/pjsip/src/pjsip/sip_transaction.c index d52b12a72..6d4cdc65f 100644 --- a/pjsip/src/pjsip/sip_transaction.c +++ b/pjsip/src/pjsip/sip_transaction.c @@ -1119,6 +1119,10 @@ static void tsx_timer_callback( pj_timer_heap_t *theap, pj_timer_entry *entry) PJ_UNUSED_ARG(theap); + if (tsx->state >= PJSIP_TSX_STATE_DESTROYED) { + return; + } + if (entry->id == TRANSPORT_ERR_TIMER) { /* Posted transport error event */ entry->id = 0; -- 2.14.3