Opened 7 years ago

Closed 7 years ago

#1497 closed defect (fixed)

Crash in pjsua destroy after an incoming call rejected with session timer too small

Reported by: nanang Owned by: bennylp
Priority: normal Milestone: release-2.0-rc
Component: pjsua-lib Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported:

Description

The call is terminated prematurely (before 100 response is sent), in a normal way (remote session timer value is too small than the minimum value specified), but call->inv pointer is not resetted to NULL. When pjsua is being destroyed, any access to the bad pointer call->inv, e.g: by pjsua_call_hangup_all(), will trigger crash.

Reproducible with python test scripts-sendto\174_timer_se_too_small.py.

Change History (1)

comment:1 Changed 7 years ago by nanang

  • Resolution set to fixed
  • Status changed from new to closed

(In [4102]) Fix #1497: reset call->inv to NULL whenever call is terminated prematurely (before completely attached to pjsua).

Note: See TracTickets for help on using tickets.