Hello,
I encountered a PJSUA crash when deleting an account. The scenario is the following:
1. Call pjsua_acc_del which in turn calls: pjsua_acc_set_registration(acc_id, PJ_FALSE) and then pjsua_pres_delete_acc(acc_id, 0)
2. pjsua_acc_set_registration calls pjsua_pres_unpublish(&pjsua_var.acc[acc_id], 0);
3. pjsua_pres_delete_acc calls pjsua_pres_unpublish(acc, flags);
4. Thread at Step 3 is preempted. Meanwhile the PUBLISH response (200 OK)
arrives, for the message sent at step 2. This executes publish_cb
(pjsua_pres.c), which destroys the account publish session and sets it
to NULL. This is executed on another thread than Steps 1,2,3.

    if (param->expiration < 1) {
        /* Could happen if server "forgot" to include Expires header
         * in the response. We will not renew, so destroy the pubc.
         */
        pjsip_publishc_destroy(param->pubc);
        acc->publish_sess = NULL;
    }

5. Step 3 is resumed, but now acc->publish_sess is NULL, after it
previously passed a check against NULL pointer. The code eventually
crashes in pjsip_publishc_set_via_sent_by because acc->publish_sess is NULL.
Thank you,
Bogdan.
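
The interleaving described in the message above, as an added example (not part of the original post and not PJSIP code): a single-threaded C model in which the response callback is invoked by hand at the preemption point, shown next to a variant that keeps the check and the use in one critical section. All names are hypothetical stand-ins, and the lock is modeled as a flag that defers the callback, which assumes the real callback would take the same lock.

```c
#include <stddef.h>

/* Hypothetical stand-ins for the account and its publish session. */
typedef struct { int via_set; } pub_sess;
typedef struct { pub_sess *publish_sess; int locked, deferred; } account;
static pub_sess g_sess;                 /* constructed sample session */

/* Models the response callback on the other thread: the 200 OK arrives
 * and the session pointer is cleared. If the account lock is held, a real
 * thread would block; here the teardown is deferred until unlock. */
static void response_arrives(account *acc) {
    if (acc->locked) { acc->deferred = 1; return; }
    acc->publish_sess = NULL;
}

static void acc_lock(account *acc) { acc->locked = 1; }
static void acc_unlock(account *acc) {
    acc->locked = 0;
    if (acc->deferred) { acc->deferred = 0; response_arrives(acc); }
}

/* Use of the session; returns -1 where a NULL dereference would occur. */
static int set_via_sent_by(pub_sess *s) {
    if (s == NULL) return -1;
    s->via_set = 1;
    return 0;
}

/* Shape from the report: check, get preempted, then use. */
int unpublish_racy(account *acc) {
    if (acc->publish_sess == NULL) return 0;    /* check passes */
    response_arrives(acc);                      /* preempted here */
    return set_via_sent_by(acc->publish_sess);  /* use: pointer is now NULL */
}

/* Check and use inside one critical section shared with the callback. */
int unpublish_locked(account *acc) {
    int rc = 0;
    acc_lock(acc);
    if (acc->publish_sess != NULL) {
        response_arrives(acc);                  /* same interleaving, held off */
        rc = set_via_sent_by(acc->publish_sess);
    }
    acc_unlock(acc);                            /* deferred teardown runs now */
    return rc;
}

account make_account(void) { account a = { &g_sess, 0, 0 }; return a; }
```
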